On 09:05 am, [email protected] wrote: >Hi, > > >I'm trying to make sure that I have my cred interfaces right. > >Users log in using a username and password. They provide these >credentials >in plaintext (over a TLSd connection). The user password is stored >using a >secure key derivation function (in casu, scrypt). > >Currently I have this gumongous User object (an Axiom Item), and I'm >trying >to split it up into parts. IIUC, the checker's checked interface should >be >IUsernamePassword (that's already the case). However, the thing I adapt >a >User to to check it should be an IUsernameHashedPassword, right?
This isn't right. The point of declaring interfaces on the checker is so the system knows what kind of credentials it can check. If your credentials object implements a different interface than your checker declares it can check, the system won't ever ask the checker to check the credentials. It sounds like you might have something extra going on beyond the normal usage of cred, which perhaps makes the idea you've written about here work somehow - but I don't know what the extra something is, and it probably doesn't apply to cred usage in general (ie, perhaps it is a particularity of Axiom). Jean-Paul >In the end, I doubt this matters an awful lot, unless somebody ends up >implementing a IUsernameHashedPassword checker that is smart enough to >read >both scrypt/bcrypt headers and /etc/shadow-style $-delimited entries. > >cheers >lvh _______________________________________________ Twisted-Python mailing list [email protected] http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
