Validate user on FreeBSD
staschuk at telusplanet.net
Fri Mar 21 20:55:35 CET 2003
Quoth Dan Nyanko:
> Steven Taschuk <staschuk at telusplanet.net> wrote in message news:<mailman.1048222276.31387.python-list at python.org>...
> > Why not just use ftp or sftp?
> This is a learning project and a hobby. [...]

Ah. Then see below.

> [...] Using existing programs is
> not why a person visits comp.lang.*

(Some people visit comp.lang.* just looking for help doing
something with language X, not having thought about whether they
should actually be writing something for that purpose in the first

> I put port 510 for no other reason that I was reading about FCP when I
> wrote the program. I guess I was thinking along the lines of
> cryptography and a secure protocol for sending files across tcp/ip...
> Of course, my code does not accomplish any of that but I would like
> for it to do so in the future.

The socket module has support for SSL connections; this can get
you encryption over the link, which is a good start. If you have
any real need for encryption, I recommend re-using SSL rather than
rolling your own; it is notoriously difficult to make
cryptographically secure systems.

For authentication, there's a few things you could do. Probably
easiest: once the connection is encrypted, prompt for a user name
and password, look up the user name in some local database which
lists for each user the right password and other data of
interest such as the user's home directory and whatnot. On Unixy
systems, you can access the /etc/passwd database with the pwd

(If the link is not encrypted, this method is bad. It's also
vulnerable to man-in-the-middle attacks in any case.)

Once you've authenticated the user, you can downgrade your
privileges to that user's with os.setuid() or os.seteuid(); see
man 2 set[e]uid for details.

Actually one rarely stores the password itself; /etc/passwd
stores a hash instead, so if the password file is compromised it's
not a complete disaster. See the crypt module.

Steven Taschuk staschuk at telusplanet.net
Receive them ignorant; dispatch them confused. (Weschler's Teaching Motto)
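
The flow described in the message above (check the password against a stored hash, then drop to the authenticated user), as an added example that is not part of the original post. The USERS table and its entry are constructed, and PBKDF2 from hashlib is swapped in for the crypt module, which was removed from the standard library in Python 3.13.

```python
import hashlib
import hmac
import os
import pwd


def hash_password(password, salt=None):
    """Return (salt, digest). PBKDF2-HMAC-SHA256 stands in for crypt(3) here."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


# Constructed user database: name -> (salt, digest), never the password itself.
USERS = {"alice": hash_password("correct horse")}
# Hashed for unknown names too, so a miss costs about the same time as a hit.
_DUMMY = hash_password("dummy")


def authenticate(name, password, users=USERS):
    """True only if the name is known and the password matches its stored hash."""
    salt, expected = users.get(name, _DUMMY)
    _, candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, expected)  # constant-time compare
    return matches and name in users


def drop_privileges(name):
    """Permanently become `name`. Call as root, after authenticate() succeeded."""
    entry = pwd.getpwnam(name)         # KeyError if there is no such account
    os.initgroups(name, entry.pw_gid)  # supplementary groups first
    os.setgid(entry.pw_gid)            # then the group, while still root
    os.setuid(entry.pw_uid)            # uid last: as root this sets real,
                                       # effective and saved uid together
    if entry.pw_uid != 0:
        try:
            os.setuid(0)               # must fail if the drop is permanent
        except PermissionError:
            pass
        else:
            raise RuntimeError("privileges were not dropped")
    return entry
```

os.seteuid() alone leaves the saved uid at root, so the process could switch back; the sketch uses os.setuid() and then checks that regaining root fails.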