[Twisted-Python] Authentication with multiple handshakes
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able to find any examples of it. As an alternative, I was going to implement a user object with state that determined what it was able to do. I could force the client to conduct multiple challenge responses to achieve the logged in state. I figured it would be better to ask the mail list for the proper way to do it first. Thanks -- Alvin
On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able to find any examples of it.
As an alternative, I was going to implement a user object with state that determined what it was able to do. I could force the client to conduct multiple challenge responses to achieve the logged in state.
I figured it would be better to ask the mail list for the proper way to do it first.
Thanks
Excuse me if I'm being dense, but what are you trying to do exactly? -- Eric Mangold Twisted/Win32 Co-Maintainer
On 12/20/06, Eric Mangold <teratorn@twistedmatrix.com> wrote:
On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able to find any examples of it.
As an alternative, I was going to implement a user object with state that determined what it was able to do. I could force the client to conduct multiple challenge responses to achieve the logged in state.
I figured it would be better to ask the mail list for the proper way to do it first.
Thanks
Excuse me if I'm being dense, but what are you trying to do exactly?
-- Eric Mangold Twisted/Win32 Co-Maintainer
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
P2P application Client logs onto server with Publickey Since the server does not necessarily have the same IP address, I also want to authenticate the server's PK also. Thanks -- Alvin
On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
On 12/20/06, Eric Mangold <teratorn@twistedmatrix.com> wrote:
On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able to find any examples of it.
As an alternative, I was going to implement a user object with state
that
determined what it was able to do. I could force the client to conduct multiple challenge responses to achieve the logged in state.
I figured it would be better to ask the mail list for the proper way to do it first.
Thanks
Excuse me if I'm being dense, but what are you trying to do exactly?
-- Eric Mangold Twisted/Win32 Co-Maintainer
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
P2P application Client logs onto server with Publickey Since the server does not necessarily have the same IP address, I also want to authenticate the server's PK also.
Thanks
As far as I know PB doesn't provide any mechanism for the client to authenticate the server. But it should be easy to implement. You could use the normal procedure to log in to the server. The server provides various remote methods that you can call in order to have it verify itself to you. Once you (the client) are satisifed, then, and only then, do you consider yourself "logged in". You should be caution to prevent the server from invoking methods on the client, and vise vera, prior to authenticating the server. -- Eric Mangold Twisted/Win32 Co-Maintainer
On 12/21/06, Eric Mangold <teratorn@twistedmatrix.com> wrote:
On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
On 12/20/06, Eric Mangold <teratorn@twistedmatrix.com> wrote:
On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able
to
find any examples of it.
As an alternative, I was going to implement a user object with state that determined what it was able to do. I could force the client to conduct multiple challenge responses to achieve the logged in state.
I figured it would be better to ask the mail list for the proper way to do it first.
Thanks
Excuse me if I'm being dense, but what are you trying to do exactly?
-- Eric Mangold Twisted/Win32 Co-Maintainer
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
P2P application Client logs onto server with Publickey Since the server does not necessarily have the same IP address, I also want to authenticate the server's PK also.
Thanks
As far as I know PB doesn't provide any mechanism for the client to authenticate the server. But it should be easy to implement.
You could use the normal procedure to log in to the server. The server provides various remote methods that you can call in order to have it verify itself to you. Once you (the client) are satisifed, then, and only then, do you consider yourself "logged in". You should be caution to prevent the server from invoking methods on the client, and vise vera, prior to authenticating the server.
-- Eric Mangold Twisted/Win32 Co-Maintainer
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
I was thinking that there might be something more elegant. If I am implementing the login procedure by hand anyway, it seems like it would be simpler to just build it into pb.root. I could skip the realms/checker stuff. I would keep the secure stuff in a pb.referenceableand not return it unless the user passes all the tests. Am I missing anything? Thanks Alvin
On Thu, 21 Dec 2006 03:24:59 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
On 12/21/06, Eric Mangold <teratorn@twistedmatrix.com> wrote:
On Thu, 21 Dec 2006 01:45:07 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
On 12/20/06, Eric Mangold <teratorn@twistedmatrix.com> wrote:
On Wed, 20 Dec 2006 22:45:45 -0600, Alvin Wang <alvinwang@gmail.com> wrote:
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able
find any examples of it.
As an alternative, I was going to implement a user object with state
to that
determined what it was able to do. I could force the client to conduct multiple challenge responses to achieve the logged in state.
I figured it would be better to ask the mail list for the proper way to do it first.
Thanks
Excuse me if I'm being dense, but what are you trying to do exactly?
-- Eric Mangold Twisted/Win32 Co-Maintainer
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
P2P application Client logs onto server with Publickey Since the server does not necessarily have the same IP address, I also want to authenticate the server's PK also.
Thanks
As far as I know PB doesn't provide any mechanism for the client to authenticate the server. But it should be easy to implement.
You could use the normal procedure to log in to the server. The server provides various remote methods that you can call in order to have it verify itself to you. Once you (the client) are satisifed, then, and only then, do you consider yourself "logged in". You should be caution to prevent the server from invoking methods on the client, and vise vera, prior to authenticating the server.
-- Eric Mangold Twisted/Win32 Co-Maintainer
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
I was thinking that there might be something more elegant.
If I am implementing the login procedure by hand anyway, it seems like it would be simpler to just build it into pb.root. I could skip the realms/checker stuff. I would keep the secure stuff in a pb.referenceableand not return it unless the user passes all the tests. Am I missing anything?
Thanks Alvin
I'm not really sure what that means in concrete implementation terms. But it seems like you get the picture. If you need more help it's probably time to start posting code. -- Eric Mangold Twisted/Win32 Co-Maintainer
Hi everyone, I have just got Centos4.4 (actually Red Hat Enterprise Linux 4 Update 4) running on a PC as I need a local TCP/IP server running a custom data collection protocol. As there may be many outstations sending data to the server I figured on using Twisted. Do any of you Twisted experts have any thoughts on the best versions of Python and Twisted to use bearing in mind that a key requirement is 24/7 operation. Thanks for any help, John
On Wed, 2006-12-20 at 20:45 -0800, Alvin Wang wrote:
http://twistedmatrix.com/projects/core/documentation/howto/pb-cred.html
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able to find any examples of it.
Cred in general can - credential can have multiple methods that return Deferreds and need to be called in certain order; but PB doesn't really have pluggable authentication, so you may have to do it with extra layer (in mind
Hi Alvin,
The documentation above says that credentials should be able to do authentication with multiple passes. However, I have not been able to find any examples of it.
twisted.cred can indeed do authentication in multiple passes. See the login method defined in twisted.spread.pb.PBClientFactory to see how it works. Yi
participants (5)
-
Alvin Wang -
Eric Mangold -
Itamar Shtull-Trauring -
John Pote -
Yi Qiang