Package pyxmpp2 :: Package sasl :: Module core :: Class PasswordManager

Class PasswordManager


Base class for password managers.

A password manager is an object responsible for providing or verifying authentication credentials.

All the methods of the PasswordManager class may be overridden in derived classes to implement a specific authentication and authorization policy.

Nested Classes
  __metaclass__
Metaclass for defining Abstract Base Classes (ABCs).
Instance Methods
(unicode, unicode) tuple
get_password(self, username, realm=None, acceptable_formats=(u'plain'))
Get the password for user authentication.
bool
check_password(self, username, password, realm=None)
Check the password validity.
list of unicode
get_realms(self)
Get available realms list.
unicode
choose_realm(self, realm_list)
Choose an authentication realm from the list provided by the server.
bool
check_authzid(self, authzid, extra_info=None)
Check if the authenticated entity is allowed to use given authorization id.
unicode
get_serv_type(self)
Return the service type for DIGEST-MD5 'digest-uri' field.
unicode
get_serv_host(self)
Return the host name for DIGEST-MD5 'digest-uri' field.
unicode
get_serv_name(self)
Return the service name for DIGEST-MD5 'digest-uri' field.
bytes
generate_nonce(self)
Generate a random string for digest authentication challenges.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
  __abstractmethods__ = frozenset([])
  _abc_cache = <_weakrefset.WeakSet object at 0x88d128c>
  _abc_negative_cache = <_weakrefset.WeakSet object at 0x88d12cc>
  _abc_negative_cache_version = 10
  _abc_registry = <_weakrefset.WeakSet object at 0x88d122c>
Properties

Inherited from object: __class__

Method Details

get_password(self, username, realm=None, acceptable_formats=(u'plain'))

 

Get the password for user authentication.

[both client and server]

By default returns (None, None), providing no password. Should be overridden in derived classes unless only check_password functionality is available.

Parameters:
  • username (unicode) - the username for which the password is requested.
  • realm (unicode) - the authentication realm for which the password is requested.
  • acceptable_formats (sequence of unicode) - a sequence of acceptable formats of the password data. Could be "plain" (plain text password), "md5:user:realm:password" (MD5 hex digest of user:realm:password) or any other mechanism-specific encoding. This allows non-plain-text storage of passwords, but only the "plain" format will work with all password authentication mechanisms.
Returns: (unicode, unicode) tuple
the password and its encoding (format).

check_password(self, username, password, realm=None)

 

Check the password validity.

[server only]

Used by plain-text authentication mechanisms.

Default implementation: retrieve a "plain" password for the username and realm using self.get_password and compare it with the password provided.

May be overridden, e.g. to check the password against some external authentication mechanism (PAM, LDAP, etc.).

Parameters:
  • username (unicode) - the username for which the password verification is requested.
  • password (unicode) - the password to verify.
  • realm (unicode) - the authentication realm for which the password verification is requested.
Returns: bool
True if the password is valid.

get_realms(self)

 

Get available realms list.

[server only]

Returns: list of unicode
a list of realms available for authentication. May be empty -- the client may choose its own realm then or use no realm at all.

choose_realm(self, realm_list)

 

Choose an authentication realm from the list provided by the server.

[client only]

By default returns the first realm from the list, or None if the list is empty.

Parameters:
  • realm_list (sequence of unicode) - the list of realms provided by a server.
Returns: unicode
the realm chosen.

check_authzid(self, authzid, extra_info=None)

 

Check if the authenticated entity is allowed to use given authorization id.

[server only]

By default returns True if the authzid is None or empty, or if it is equal to extra_info["username"] (if the latter is present).

Parameters:
  • authzid (unicode) - an authorization id.
  • extra_info (mapping) - information about an entity obtained during the authentication process. This is a mapping with arbitrary, mechanism-dependent items. Common keys are 'username' or 'realm'.
Returns: bool
True if the authenticated entity is authorized to use the provided authorization id.

get_serv_type(self)

 

Return the service type for DIGEST-MD5 'digest-uri' field.

Should be overridden in derived classes.

Returns: unicode
the service type ("unknown" by default)

get_serv_host(self)

 

Return the host name for DIGEST-MD5 'digest-uri' field.

Should be overridden in derived classes.

Returns: unicode
the host name ("unknown" by default)

get_serv_name(self)

 

Return the service name for DIGEST-MD5 'digest-uri' field.

Should be overridden in derived classes.

Returns: unicode
the service name or None (which is the default).

generate_nonce(self)

 

Generate a random string for digest authentication challenges.

The string should be a cryptographically secure random pattern.

Returns: bytes
the string generated.
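
A manager following the get_password, check_password, check_authzid and generate_nonce contracts described above, as an added example that is not pyxmpp2 code: it keeps only the "md5:user:realm:password" digest, answers get_password only when that format is acceptable, and verifies plain passwords with a constant-time comparison. Assumptions: the names DigestStoreManager and md5_record, the UTF-8 encoding of the digest input, and the stand-alone base class (a real manager would derive from PasswordManager) are illustrative.

```python
import hashlib
import hmac
import secrets

MD5_FORMAT = u"md5:user:realm:password"  # format name taken from the page


def md5_record(username, realm, password):
    """MD5 hex digest of user:realm:password (UTF-8 encoding is assumed)."""
    data = u":".join((username, realm or u"", password)).encode("utf-8")
    return hashlib.md5(data).hexdigest()


class DigestStoreManager(object):
    """Hypothetical stand-in with the documented method signatures; in real
    use it would derive from pyxmpp2.sasl.core.PasswordManager."""

    def __init__(self, records):
        # records: {(username, realm): md5 hex digest}; no plain text is kept
        self._records = dict(records)

    def get_password(self, username, realm=None, acceptable_formats=(u"plain",)):
        record = self._records.get((username, realm))
        if record is None or MD5_FORMAT not in acceptable_formats:
            return None, None  # unknown user, or the mechanism needs "plain"
        return record, MD5_FORMAT

    def check_password(self, username, password, realm=None):
        # Hash and compare in constant time even when the user is unknown.
        record = self._records.get((username, realm))
        candidate = md5_record(username, realm, password)
        ok = hmac.compare_digest((record or u"0" * 32).encode("ascii"), candidate.encode("ascii"))
        return ok and record is not None

    def check_authzid(self, authzid, extra_info=None):
        # Stricter than the documented default (an assumption of this example):
        # a non-empty authzid needs a matching username from the mechanism.
        if not authzid:
            return True
        return authzid == (extra_info or {}).get("username")

    def generate_nonce(self):
        # 128 bits from the OS CSPRNG, hex-encoded, returned as bytes
        return secrets.token_hex(16).encode("ascii")
```

Because no plain-text password is stored, get_password returns (None, None) to any mechanism that accepts only the "plain" format, which is the trade-off the acceptable_formats description points out.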