Authentication Using Rotor

Irmen de Jong irmen at -NOSPAM-REMOVE-THIS-xs4all.nl
Sat Mar 15 02:21:27 CET 2003


Jp Calderone wrote:
> On Sat, Mar 15, 2003 at 12:38:05AM +0100, Irmen de Jong wrote:

>>- never is a passphrase stored on disk or in memory.
> 
> 
>   This sounds impossible to me.  Care to elaborate (or qualify)?

What I meant was that the passphrase itself (secret key) used to 
authenticate is not stored *in Pyro*. The server only stores the md5 hash of 
the passphrase (in an in-memory table). Clients don't store anything.

Pyro is a library. It gets called from your application. The way your 
application provides the passphrases to Pyro is up to you. Perhaps you'd 
like to ask the user to type it in, in a password dialog.
Or read it from a (protected!) file. In any case, the authentication routine 
doesn't store them in a table or in a file, but your application may, in fact.


--Irmen.





More information about the Python-list mailing list