No subject
Mon Mar 21 21:14:43 UTC 2011
the example only indicates cleartext/unhashed passwords.
in src/allmydata/frontends, review of sftpd.py and especially auth.py
suggests that hashed passwords can be used.
However, there is no provision for use of PAM, which would eliminate
need for this service to deal with authentication at all.
module twisted.cred.credentials has an interface
IPluggableAuthenticationModules which looks like a candidate. My
python skills are not particularly good, but I would think that in file
auth.py the following could be used as a start:
class AccountFileChecker:
implements(checkers.ICredentialsChecker)
credentialInterfaces = (credentials.IUsernamePassword,
credentials.IUsernameHashedPassword,
credentials.IPluggableAuthenticationModules)
# see ref #1
def __init__(self, client, accountfile):
self.client = client
self.passwords = {}
self.pubkeys = {}
self.rootcaps = {}
for line in open(os.path.expanduser(accountfile), "r"):
line = line.strip()
if line.startswith("#") or not line:
continue
name, passwd, rest = line.split(None, 2)
if passwd in ("ssh-dss", "ssh-rsa"):
bits = rest.split()
keystring = " ".join(bits[-1])
rootcap = bits[-1]
self.pubkeys[name] = keystring
elif passwd in ("usepam"):
# some appropriate code to put rest of
# account file into rootcap var
else:
self.passwords[name] = passwd
rootcap = rest
self.rootcaps[name] = rootcap
and ?perhaps? later,
def _somePamPasswdChecker(self....
Someone who knows this better than I should definitely do the
implemenation. :|
Refs:
(1)
http://twistedmatrix.com/documents/10.2.0/api/twisted.cred.credentials.html
(2)
http://twistedmatrix.com/documents/10.2.0/api/twisted.cred.credentials.IPluggableAuthenticationModules.html
More information about the Tahoe-debian
mailing list