On Wed, 2003-04-30 at 14:34, Jp Calderone wrote:
On Wed, Apr 30, 2003 at 01:27:53PM -0400, Abe Fettig wrote:
Hi folks,
In order to really get NNTP and SMTP (securely) integrated with Hep I need to get authentication working. Both of these protocols support authentication, although it's not required by the core RFCs. But as far as I can tell neither of the modules in twisted/protocols supports authentication at the moment.
If you don't get to it first, I may end up doing SMTP authentication sometime in the near future (as I have need for it as well). I hadn't given much thought to NNTP.
I'll make a deal with you - if you do SMTP authentication (demonstrating the 'right way to do it'), I'll write a similar patch for NNTP :-)
I think POP3 should be updated to use cred in a manner similar to that which IMAP4 uses it. Since I wrote IMAP4, obviously I think that is the right way to do authentication ;) (modulo one thing - the actual challenge/response verification should be factored out and away from the Identity class - I believe itamar and glyph have discussed this and have some ideas for the implementation).
Whether the *actual* details of how IMAP4 is using cred are proper are not, I don't know ;) The code works, but it seems that there are too many different objects involved in the process (CramMD5Identity, CramMD5ServerAuthenticator, CramMD5ClientAuthenticator - and that's just for *one* kind of authentication scheme). Setup is similarly tedious, requiring 4 lines of "boilerplate" to set things up, and then *10* lines to add each new identity. Now that imap4.py is settling down, it'd be great if someone with more experience with cred could take a look at it and give me some feedback.
Maybe there will be a coil for cred someday so you can keep this part of the code out of your actual app, though. If so, this is one of the real strengths of cred. Your app doesn't have to do anything to manage user accounts, you just attach the cred coil and you're done.
That would be nice. It seems like there's also the potential to share the code for different methods of authentication between POP3/SMTP/IMAP/NNTP - I think they all can use CRAM-MD5, for example, and it seems silly to duplicate the code in each protocol. Abe