Hi Josh,

Josh Heitzman wrote:
> I dug around a bit.  What Unix systems used to use was called crypt.  Some
> are currently a salt + MD5, but apparently the better algorithm is
> considered to be bcrypt, which includes a 128-bit salt and uses a
> variable cycle encryption algorithm.
> 
> A python implementation of bcrypt can be had here
> http://www.mindrot.org/projects/py-bcrypt, but perhaps all AuthKit needs is
> a mechanism for the client to specify a function it should call to
> compare a submitted password to a stored password.  By default AuthKit
> would supply a function that just did a straight comparison, keeping
> the default behavior as it is now, but allowing the client to override
> that with whatever password encryption scheme they prefer.
> 
> Sound reasonable?

This already exists actually. You just need to specify a custom 
valid_password() function (or digest_password() if you are using HTTP 
digest).

It is documented here:
http://authkit.org/docs/manual.html#basic-http-1-0-authentication

Since you mentioned bcrypt, here's an example I expect would work:

     from authkit.authenticate import middleware, test_app
     import bcrypt

     def valid(environ, username, password):
         # The users object is read from the WSGI environ
         if 'authkit.users' not in environ:
             raise Exception("You haven't setup any users")
         users = environ['authkit.users']
         if username.lower() in users.passwords:
             # Stored value is the bcrypt hash, which embeds its own salt
             hashed = users.passwords[username.lower()]
             return bcrypt.hashpw(password, hashed) == hashed
         return False

     app = middleware(
         test_app,
         method='basic',
         realm='Test Realm',
         users_valid=valid
     )

     from paste.httpserver import serve
     serve(app, host='0.0.0.0', port=8080)

Cheers,

James
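
An added example, not part of the original message or of AuthKit: the enrolment side plus a checker with the same `valid(environ, username, password)` signature, with a constant-time comparison and equal work for unknown users. PBKDF2 from the Python standard library stands in for bcrypt here so the block runs without third-party packages; `Users`, `hash_password`, `check_password` and the sample data are hypothetical names constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100000  # constructed work factor for this example


def hash_password(password, salt=None):
    """Return 'iterations$salt_hex$digest_hex' to store instead of the plaintext."""
    salt = salt if salt is not None else os.urandom(16)  # 128-bit random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def check_password(password, stored):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(actual, expected)


class Users(object):
    """Hypothetical stand-in for the object found in environ['authkit.users']."""
    def __init__(self, passwords):
        self.passwords = passwords


# Checked for unknown usernames so both paths do about the same work.
_DUMMY = hash_password("not-a-real-password")


def valid(environ, username, password):
    users = environ.get("authkit.users")
    if users is None:
        raise Exception("You haven't set up any users")
    stored = users.passwords.get(username.lower())
    if stored is None:
        check_password(password, _DUMMY)  # spend the same work, then reject
        return False
    return check_password(password, stored)


# Constructed sample data: one enrolled user whose password is stored hashed.
SAMPLE_ENVIRON = {"authkit.users": Users({"josh": hash_password("s3cret")})}
```
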

