[Twisted-Python] Question on pamauth.py

Duncan McGreggor duncan.mcgreggor at gmail.com
Tue May 2 22:39:01 MDT 2006 

On May 1, 2006, at 7:28 AM, Terry Jones wrote:

> I'm planning to use twisted.cred and just went to look for ways to
> implement a back end credentials checker that I could plug in. I soon 
> ran
> across mentions of pamauth.py, and was pleasantly surprised to find it
> sitting in my Twisted-2.2.0/twisted/cred/pamauth.py
>
> But, I don't see a mention of how to use it.

The really great thing about cred is that it works the same regardless 
of the underlying authentication mechanism. I suggest writing a couple 
toy examples and plugging those into your twisted app, just to get a 
feel for how things work. In the process you will gain genuine 
knowledge (as opposed to "a feel").

You probably wouldn't ever need to use twisted.cred.pamauth. You would 
use the twisted.cred.checkers.PluggableAuthenticationModulesChecker, 
and that works just like, well, a cred checker :-)

You biggest problem is actually going to be getting PyPAM working. As 
far as I know, and as far as tummy.com knows (the original sponsors of 
PyPAM), there's been no release since 1999. I toyed with the idea of 
using it at one point, but the amount of work necessary in updating the 
python was too onerous. Perhaps you have a stronger stomach than I :-)

> If I want to build a web site where users authenticate themselves
[snip]
> cookie
[snip]
> But what if a user is trying to run a command line app
[snip]

If I'm understanding what you are asking, this isn't a cred question. 
cred is cred. It handles avatars/ids, realms, portals, etc. You can put 
anything you want in your realm (or checker, or...). It's up to you to 
provide/restrict resources based on that and it's up to you to decide 
what to do about persisting authentication information.

> Can anyone point me to Twisted code that does something like this?

I'm totally not being snotty when I say this (again): cred is cred. One 
of the really great things about it is how easy it is to do whatever 
you want. You can create interfaces that represent groups, have a 
single realm and set/check interfaces, have different realms for 
different levels of access, etc. You can have your resources implement 
your group/role interfaces. There's all kinds of stuff you can do, it 
really depends on your needs. Once you are comfortable with it and have 
written a few working toys/examples, you will see the potential. 
Writing the code necessary to plug your twisted app into somebody 
else's authentication system can be easier than doing it any other way 
(given that you are working with open, sane standards). I've actually 
written working cred code faster than other project members have 
*configured* (GUI) the user management systems I was writing against.

Here's a great resource:
   http://twistedmatrix.com/projects/core/documentation/howto/cred.html

And if you don't have the O'Reilly twisted book, do yourself a favor 
and pick up a copy. Abe did a wonderful job explaining cred very 
clearly in it.

Good luck!

d

More information about the Twisted-Python mailing list