
This is a repoze.who plugin implementing HTTP's Digest Access Authentication as per RFC-2617:

http://tools.ietf.org/html/rfc2617

It provides good support for the protocol as it is typically used in the wild:

  • both qop="auth" and qop="auth-int" modes
  • compatibility mode for legacy clients
  • client nonce-count checking
  • next-nonce generation via the Authentication-Info header

The following features of the protocol are rarely supported by HTTP clients and thus have not yet been implemented:

  • MD5-sess, or any hash algorithm other than MD5
  • mutual authentication via the Authentication-Info header

Configuration

Configuration of the digest-auth plugin can be done from the standard repoze.who config file like so:

[plugin:digestauth]
use = repoze.who.plugins.digestauth:make_plugin
realm = MyRealm
get_pwdhash = mymodule:get_pwdhash

The following configuration options are available:

  • realm: the realm string; included verbatim in the challenge header
  • domain: the domain string; included verbatim in the challenge header
  • qop: the desired quality of protection (“auth” or “auth-int”)
  • get_password: dotted name of a callback to get the user’s password
  • get_pwdhash: dotted name of a callback to get the user’s password hash
  • nonce_manager: dotted name of a class to use for nonce management

Authentication

To authenticate a user via Digest Auth, this plugin needs access to either their raw password or their "password hash", which is the MD5 digest of their username, authentication realm and password, joined by colons:

from hashlib import md5
def calculate_pwdhash(username, password, realm):
    # The hashed string is "username:realm:password"; UTF-8 encoding is assumed here.
    return md5(("%s:%s:%s" % (username, realm, password)).encode("utf-8")).hexdigest()

You must provide the callback function “get_password” or “get_pwdhash” to the DigestAuthPlugin.

Nonce Management

The security of Digest Access Authentication depends crucially on the secure generation and management of cryptographic nonces. In order to prevent replay attacks, the server must reject requests that have a repeated nonce.

The details of nonce management have been extracted into a separate interface, defined by the repoze.who.plugins.digestauth.noncemanager:NonceManager class. The default implementation uses HMAC-signed tokens and an in-memory cache of recently seen nonce counts. If you have more particular needs you might like to implement your own NonceManager subclass.
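
An added example, not code from this project, showing the approach described above: an HMAC-signed, timestamped nonce plus an in-memory record of the highest nonce-count accepted per nonce. The class name, method names, nonce layout and the use of HMAC-SHA256 are assumptions and do not reflect the plugin's NonceManager interface.

```python
import hashlib
import hmac
import os
import time


class SignedNonceTracker:
    """Hypothetical helper for illustration; not the plugin's NonceManager API."""

    def __init__(self, secret=None, timeout=300, clock=time.time):
        self._secret = secret or os.urandom(32)  # per-server signing key
        self._timeout = timeout                  # nonce lifetime in seconds
        self._clock = clock
        self._last_nc = {}  # nonce -> highest nonce-count accepted so far

    def _sign(self, payload):
        key, msg = self._secret, payload.encode("utf-8")
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def generate_nonce(self):
        # "timestamp:random:signature": verifiable without stored state.
        payload = "%d:%s" % (int(self._clock()), os.urandom(8).hex())
        return "%s:%s" % (payload, self._sign(payload))

    def is_valid_nonce(self, nonce):
        try:
            payload, sig = nonce.rsplit(":", 1)
            expected = self._sign(payload).encode("ascii")
            if not hmac.compare_digest(sig.encode("utf-8"), expected):
                return False  # forged or tampered nonce
            issued = int(payload.split(":", 1)[0])
        except (ValueError, AttributeError):
            return False  # malformed input
        return 0 <= self._clock() - issued <= self._timeout

    def accept_request(self, nonce, nc_hex):
        """True only if the nonce is ours, fresh, and nc strictly increases."""
        if not self.is_valid_nonce(nonce):
            return False
        try:
            nc = int(nc_hex, 16)  # RFC 2617 sends nc as 8 hex digits
        except (TypeError, ValueError):
            return False
        if nc <= self._last_nc.get(nonce, 0):
            return False  # replayed or out-of-order request
        self._last_nc[nonce] = nc
        return True
```

The count cache here is never evicted; a long-running server would drop an entry once its nonce's timestamp has expired.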

0.1.1 - 2012-01-30

  • Update license to MPL 2.0.

Download Files

repoze.who.plugins.digestauth-0.1.1.tar.gz (16.5 kB), source distribution, uploaded Jan 30, 2012
