[Tahoe-debian] sftpd frontend
bertagaz at ptitcanardnoir.org
Tue Apr 26 09:00:04 UTC 2011
Hi,
Interesting tests. Maybe your suggestion would deserve a bug report on the
upstream tracker; they would probably be the best ones to implement this
feature.
bert.
On Mon, Apr 25, 2011 at 11:39:28AM -0700, Stefani Banerian wrote:
>
> In looking at installation of tahoe, I noticed that provision was made
> for an (ssh)sftp interface for file upload/download.
>
> The example user file has the layout
>
> username password rootcap
>
> From documentation, it seems only passwords or ssh keys can be used, and
> the example only indicates cleartext/unhashed passwords.
>
> In src/allmydata/frontends, review of sftpd.py and especially auth.py
> suggests that hashed passwords can be used.
>
> However, there is no provision for use of PAM, which would eliminate
> the need for this service to deal with authentication at all.
>
> Module twisted.cred.credentials has an interface
> IPluggableAuthenticationModules which looks like a candidate. My
> Python skills are not particularly good, but I would think that in file
> auth.py the following could be used as a start:
>
>
> import os
> from zope.interface import implements
> from twisted.cred import checkers, credentials
>
> class AccountFileChecker:
>
>     implements(checkers.ICredentialsChecker)
>
>     credentialInterfaces = (credentials.IUsernamePassword,
>                             credentials.IUsernameHashedPassword,
>                             credentials.IPluggableAuthenticationModules)
>     # see ref #1
>
>     def __init__(self, client, accountfile):
>         self.client = client
>         self.passwords = {}
>         self.pubkeys = {}
>         self.rootcaps = {}
>         for line in open(os.path.expanduser(accountfile), "r"):
>             line = line.strip()
>             if line.startswith("#") or not line:
>                 continue
>             name, passwd, rest = line.split(None, 2)
>             if passwd in ("ssh-dss", "ssh-rsa"):
>                 bits = rest.split()
>                 # key data is every field except the last, which is the rootcap
>                 keystring = " ".join(bits[:-1])
>                 rootcap = bits[-1]
>                 self.pubkeys[name] = keystring
>             elif passwd == "usepam":
>                 # some appropriate code to put rest of
>                 # account file into rootcap var
>                 rootcap = rest
>             else:
>                 self.passwords[name] = passwd
>                 rootcap = rest
>             self.rootcaps[name] = rootcap
>
>
> and ?perhaps? later,
> def _somePamPasswdChecker(self....
>
>
> Someone who knows this better than I should definitely do the
> implementation. :|
>
>
> Refs:
>
> (1)
> http://twistedmatrix.com/documents/10.2.0/api/twisted.cred.credentials.html
>
> (2)
> http://twistedmatrix.com/documents/10.2.0/api/twisted.cred.credentials.IPluggableAuthenticationModules.html
>
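An added example, not part of the thread or of Tahoe's own code: a standalone audit of an accounts file in the `username password rootcap` layout discussed above, reporting how each account authenticates and which accounts keep a password value (cleartext or hashed) in the file. The `usepam` keyword is the proposal from the quoted mail, not an existing Tahoe option; the function names and the sample file are assumptions constructed for illustration.

```python
"""Audit a Tahoe SFTP accounts file: how does each account authenticate?"""

KEY_TYPES = ("ssh-dss", "ssh-rsa")  # key types named in the quoted auth.py
PAM_MARKER = "usepam"               # keyword proposed in the mail (assumption)


def parse_account_line(line):
    """Return (name, method, secret, rootcap), or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(None, 2)
    if len(fields) != 3:
        raise ValueError("expected 'username password rootcap': %r" % line)
    name, passwd, rest = fields
    if passwd in KEY_TYPES:
        bits = rest.split()
        if len(bits) < 2:
            raise ValueError("key entry for %r lacks key data or rootcap" % name)
        # Every field but the last is key data; the last field is the rootcap.
        return name, "pubkey", " ".join(bits[:-1]), bits[-1]
    if passwd == PAM_MARKER:  # exact match; a substring test would catch "pam"
        return name, "pam", None, rest
    return name, "password", passwd, rest


def audit_accounts(text):
    """Return ({name: method}, [names whose password value is stored in the file])."""
    methods, password_in_file = {}, []
    for line in text.splitlines():
        entry = parse_account_line(line)
        if entry is None:
            continue
        name, method, _secret, _rootcap = entry
        methods[name] = method
        if method == "password":
            password_in_file.append(name)
    return methods, password_in_file


# Constructed sample file; names, key data and rootcaps are placeholders.
SAMPLE = """\
# username password rootcap
alice s3cret URI:DIR2:aaaa:bbbb
bob ssh-rsa AAAAconstructedkeydata bob@example URI:DIR2:cccc:dddd
carol usepam URI:DIR2:eeee:ffff
dave pam URI:DIR2:gggg:hhhh
"""

if __name__ == "__main__":
    print(audit_accounts(SAMPLE))
```

The `dave` entry shows why the marker comparison has to be exact: with a substring test, a password of `pam` would be classified as a PAM account.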