[tahoe-dev] sftp with hashed passwords (patch fragment)
Wolfgang Strobl
news4 at mystrobl.de
Tue Mar 27 08:58:50 UTC 2012
Hi. Last week I asked whether the sftp client is supposed to support hashed passwords in private/ftp.accounts. My current need is solved by the patch below (it needs an additional "import crypt" somewhere at the beginning).
With that modification applied to frontends/auth.py, encrypted passwords (and only those) are supported by the sftp frontend.
Usage: create a hash by using htpasswd/htpasswd2 from Apache (or google
for htpasswd.py), replace the cleartext password in ftp.accounts by that hash.
Adding ".. or cleartext == cryptedpasswd" to the "if crypt.crypt(..." line
would be necessary for backward compatibility (i.e. still supporting
cleartext passwords), but there's no need for that, in my case.
- def requestAvatarId(self, credentials):
- if credentials.username in self.passwords:
- d = defer.maybeDeferred(credentials.checkPassword,
- self.passwords[credentials.username])
- d.addCallback(self._cbPasswordMatch, str(credentials.username))
- return d
- return defer.fail(error.UnauthorizedLogin())
-
+ def requestAvatarId(self, c):
+ username=str(c.username)
+ if username in self.passwords:
+ cryptedpasswd=self.passwords[username]
+ up = credentials.IUsernamePassword(c, None)
+ cleartext=up.password
+ if crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd:
+ d = defer.succeed(username)
+ d.addCallback(self._cbPasswordMatch, username)
+ return d
+ else:
+ return defer.fail(error.UnauthorizedLogin())
+
--
Wolfgang Strobl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 1361 bytes
Desc: ?ffentlicher PGP-Schl?ssel
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20120327/5656e096/attachment.key>
More information about the tahoe-dev
mailing list