Sunday, June 24, 2012

Login and password

Post from the past

RDA server now requires username and password

Fixed bugs, added login / password checking capabilities, and made a few test scripts to prove everything is working. Will add more comments tomorrow and begin work on a client GUI and dice rolling! (Note from the future: this timeline turned out to be somewhat... optimistic)

Fixed password hashing, added versioning support, added files for use with python's distutils. Oh yeah, and more comments!

Notes from the future

For right now the RDA server has a single password that is set when the server is started and that every user must supply when they attempt to log in. This scheme is similar to Mumble (minus the certificates), and I figured it would be a good start for the RDA.

In general I try to handle the plaintext password as little as possible. For instance, the server's set passwd function takes a plaintext password, immediately hashes it with SHA-256, and stores only the hash. The client does the same: it hashes the password and sends the hash, not the plaintext, in its login message. A lot of this functionality is provided by Twisted, but in some places the documentation can be hard to follow.


The login responder, shown above, handles incoming login messages to the server. It first cancels a timer that is started when a user first connects to the server; if they do not offer login credentials within the time limit, they are booted off. It then makes sure that the user is not already logged in and that the messaging version they are using matches the messaging version the server is using. Finally, it kicks off a Twisted deferred that calls the authenticate method.


Authenticate is mostly Twisted code, which you can read about here: Cred: Pluggable Authentication. It is pretty self-explanatory: either the client's hash matches the stored hash, or the user is kicked with an unauthorized login response.
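The login flow described in the last three paragraphs, as an added example that is not the RDA server's own code. It is written as a plain-Python stand-in rather than with Twisted's AMP responders and cred, so it runs stand-alone; the simulated login timer, the `MESSAGING_VERSION` value, the response strings and the `hunter2` sample password are all assumptions for illustration. Note that because the client sends the SHA-256 hash and the server compares that hash directly, the hash on the wire is the credential: anyone who captures it can replay it, so this scheme still needs a TLS transport, and the comparison should be constant-time (`hmac.compare_digest`) so a wrong hash cannot be distinguished byte by byte.

```python
"""Stand-in for the RDA server's login flow (hypothetical, not the project's code)."""
import hashlib
import hmac
from typing import Dict, Optional

MESSAGING_VERSION = 1   # assumed value; the real server has its own versioning
LOGIN_TIMEOUT = 30.0    # assumed: seconds a client may idle before offering credentials


def hash_password(plaintext: str) -> str:
    """SHA-256 of the plaintext, hex-encoded. Both sides use this so the
    server never sees or stores the plaintext after this point."""
    return hashlib.sha256(plaintext.encode("utf-8")).hexdigest()


class Client:
    """One connected client: tracks the login deadline and whether it was kicked."""
    def __init__(self, name: str) -> None:
        self.name = name
        self.login_deadline: Optional[float] = None  # None once the timer is cancelled
        self.logged_in = False
        self.kick_reason: Optional[str] = None

    def kick(self, reason: str) -> str:
        self.logged_in = False
        self.kick_reason = reason
        return reason


class RDAServer:
    def __init__(self, version: int = MESSAGING_VERSION) -> None:
        self.version = version
        self._password_hash: Optional[str] = None
        self.users: Dict[str, Client] = {}

    def set_passwd(self, plaintext: str) -> None:
        """Hash immediately; the plaintext is not retained anywhere on the server."""
        self._password_hash = hash_password(plaintext)

    def on_connect(self, client: Client, now: float) -> None:
        """Start the 'offer credentials or get booted' timer for a new connection."""
        client.login_deadline = now + LOGIN_TIMEOUT

    def reap_idle(self, now: float) -> list:
        """Kick every client whose login deadline passed without a login message."""
        kicked = []
        for client in list(self.users.values()):
            if client.login_deadline is not None and now >= client.login_deadline:
                kicked.append(client.kick("login_timeout"))
        return kicked

    def login_responder(self, client: Client, username: str,
                        password_hash: str, version: int) -> str:
        """Mirror of the post's responder: cancel timer, check duplicates and
        version, then authenticate."""
        client.login_deadline = None                     # cancel the login timer
        if username in self.users and self.users[username].logged_in:
            return client.kick("already_logged_in")
        if version != self.version:
            return client.kick("version_mismatch")
        return self.authenticate(client, username, password_hash)

    def authenticate(self, client: Client, username: str, password_hash: str) -> str:
        """Constant-time compare of the client's hash against the stored hash."""
        if self._password_hash is None or not hmac.compare_digest(
                self._password_hash, password_hash):
            return client.kick("unauthorized")
        client.logged_in = True
        self.users[username] = client
        return "ok"


def client_login_message(username: str, plaintext: str,
                         version: int = MESSAGING_VERSION) -> dict:
    """What the client puts on the wire: the hash, never the plaintext."""
    return {"username": username, "password_hash": hash_password(plaintext),
            "version": version}


if __name__ == "__main__":
    server = RDAServer()
    server.set_passwd("hunter2")                          # constructed sample password
    alice = Client("alice")
    server.on_connect(alice, now=0.0)
    print(server.login_responder(alice, **client_login_message("alice", "hunter2")))
```

Because the server stores an unsalted, fast hash, the stored value is also exactly what a client has to present, which is the main reason the post's author is still unhappy with the credentials module; a salted challenge-response or a proper password hash such as scrypt would be the next step.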

I am still not happy with the credentials module - it works well enough for now however, so until I wrap my head around how it should change, it is staying as is.
