<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>AMP Authentication</title>
<h1>AMP Authentication</h1>
<code class="API">epsilon.ampauth</code> integrates Twisted Cred with
<code>twisted.protocols.amp</code>, providing support for selecting an
<code>IBoxReceiver</code> based on the result of a Cred login.
Readers should familiarize themselves with the following concepts in
order to understand all sections of this document:
href="http://twistedmatrix.com/projects/core/documentation/howto/clients.html">TCP
href="http://twistedmatrix.com/projects/core/documentation/howto/servers.html">TCP
<a href="http://twistedmatrix.com/projects/core/documentation/howto/defer.html">
Twisted <code class="API" base="twisted.protocols.amp">AMP</code>
<a href="http://twistedmatrix.com/projects/core/documentation/howto/cred.html">
<code class="API" base="epsilon.ampauth">CredAMPServerFactory</code>
is a factory for the <code class="API"
base="epsilon.ampauth">CredReceiver</code> protocol, an
<code>AMP</code> subclass which implements responders for commands
which allow a client to prove their identity. It uses a
<code>Portal</code> to handle these commands and retrieve an <code
class="API" base="twisted.protocols.amp">IBoxReceiver</code> which
will be used to handle all further AMP boxes it receives.
<a href="listings/amp/auth_server.py" class="py-listing">
AMP server with authentication
<code>Add</code> and <code>Adder</code> together define a simple AMP
protocol for adding two integers together. <code>AdditionRealm</code>
provides the necessary integration between this AMP protocol and Cred,
creating new <code>Adder</code> instances whenever an
<code>IBoxReceiver</code> is requested, which happens whenever a client
attempts to authenticate itself to the server.
AMP clients can authenticate with an AMP server using <code class="API"
base="epsilon.ampauth">login</code>. <code>login</code> takes a
connected AMP instance and a credentials object as arguments and returns
a <code>Deferred</code> which fires when authentication finishes.
<a href="listings/amp/auth_client.py" class="py-listing">
Authenticating AMP client
The TCP connection is set up as usual, and the <code>Add</code> command
is also issued in the usual way. The only change from a normal AMP
client is the use of <code>login</code> after a connection has been set
up but before any commands are issued.
<h2>One-Time Pad Authentication</h2>
<code class="API">epsilon.ampauth</code> includes an <code class="API"
base="twisted.cred.checkers">CredentialsChecker</code> for validating
one-time pads: <code class="API"
base="epsilon.ampauth">OneTimePadChecker</code>. If this checker is
registered with the portal, clients may use the <code class="API"
base="epsilon.ampauth">OTPLogin</code> command to authenticate.
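As an added illustration (not epsilon's code and not one of the listings linked from this page), the following standard-library sketch models what a checker for one-time pads has to enforce: a pad is unguessable, bound to an avatar ID, and accepted at most once. <code>PadRegistry</code>, its methods, the 30-second lifetime and the idea that pads are issued out of band to an already authenticated party are assumptions made for the example; the page does not describe how <code>OneTimePadChecker</code> stores or expires pads.

```python
import hashlib
import secrets
import time


class PadRegistry:
    """Hypothetical single-use pad store; not epsilon's OneTimePadChecker."""

    def __init__(self, ttl=30.0, clock=time.monotonic):
        self._ttl = ttl  # pad lifetime in seconds (assumed policy)
        self._clock = clock
        self._pads = {}  # sha256(pad) -> (avatar_id, expiry); raw pads are not stored

    @staticmethod
    def _key(pad):
        return hashlib.sha256(pad).digest()

    def issue(self, avatar_id):
        """Create a pad for an avatar that has already authenticated."""
        pad = secrets.token_bytes(16)  # 128 bits from the OS CSPRNG
        self._pads[self._key(pad)] = (avatar_id, self._clock() + self._ttl)
        return pad

    def redeem(self, pad):
        """Return the avatar ID for a valid pad, consuming it; else raise."""
        # pop() first: a pad is consumed by its first presentation, valid or not.
        entry = self._pads.pop(self._key(pad), None)
        if entry is None:
            raise PermissionError("unknown or already used pad")
        avatar_id, expiry = entry
        if self._clock() > expiry:
            raise PermissionError("expired pad")
        return avatar_id


def demo():
    """Exercise accept, replay, guess and expiry on constructed input."""
    now = [0.0]
    reg = PadRegistry(ttl=30.0, clock=lambda: now[0])
    pad, stale = reg.issue("alice"), reg.issue("bob")  # constructed avatar IDs
    results = {}
    for name, candidate, at in [("first", pad, 1.0), ("replay", pad, 2.0),
                                ("guess", b"\x00" * 16, 3.0),
                                ("stale", stale, 31.0)]:
        now[0] = at  # fake clock; 31.0 is past the 30 s lifetime
        try:
            results[name] = reg.redeem(candidate)
        except PermissionError as exc:
            results[name] = str(exc)
    return results
```

Calling <code>demo()</code> returns the outcome of each attempt: the first presentation yields the avatar ID, while the replayed, guessed and expired pads are all refused.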
<a href="listings/amp/amp_auth_server.py" class="py-listing">
AMP server with OTP authentication
<a href="listings/amp/amp_auth_client.py" class="py-listing">
OTP-authenticating AMP client