{ "info": { "author": "Mozilla Services", "author_email": "services-dev@mozilla.org", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python" ], "description": "=============================\nrepoze.who.plugins.digestauth\n=============================\n\nThis is repoze.who plugin implementing HTTP's Digest Access Authentication\nas per RFC-2617:\n\n http://tools.ietf.org/html/rfc2617\n\nIt provides good support for the protocol as it is typically used in the\nwild:\n\n * both qop=\"auth\" and qop=\"auth-int\" modes\n * compatability mode for legacy clients\n * client nonce-count checking\n * next-nonce generation via the Authentication-Info header\n\nThe following features of the protocol are rarely supported by HTTP clients\nand thus have not yet been implemented:\n\n * MD5-sess, or any hash algorithm other than MD5\n * mutual authentication via the Authentication-Info header\n\n\nConfiguration\n=============\n\nConfiguration of the digest-auth plugin can be done from the standard \nrepoze.who config file like so::\n\n [plugin:digestauth]\n use = repoze.who.plugins.digestauth:make_plugin\n realm = MyRealm\n get_pwdhash = mymodule:get_pwdhash\n\nThe following configuration options are available:\n\n * realm: the realm string; included verbatim in the challenge header\n * domain: the domain string; included verbatim in the challenge header\n * qop: the desired quality of protection (\"auth\" or \"auth-int\") \n * get_password: dotted name of a callback to get the user's password\n * get_pwdhash: dotted name of a callback to get the user's password hash\n * nonce_manager: dotted name of a class to use for nonce management\n\n\nAuthentication\n==============\n\nTo authenticate a user via Digest Auth, this plugin needs access to either\ntheir raw password or their \"password hash\", which is the MD5 digest of their\nusername, password and authentication realm::\n\n def calculate_pwdhash(username, password, realm):\n return md5(\"%s:%s:%s\" % (username, realm, password)).hexdigest()\n\nYou must provide the callback function \"get_password\" or \"get_pwdhash\" to\nthe DigestAuthPlugin.\n\n\nNonce Management\n================\n\nThe security of Digest Access Authentication depends crucially on the secure\ngeneration and managent of cryptographic nonces. In order to prevent replay\nattacks the server must reject requests that have a repeated nonce.\n\nThe details of nonce management have been extracted into a separate interface,\ndefined by the repoze.who.plugins.digestauth.noncemanager:NonceManager class.\nThe default implementation uses HMAC-signed tokens and an in-memory cache of\nrecently seen nonce counts. If you have more particular needs you might like\nto implement your own NonceManager subclass.\n\n\n\n0.1.1 - 2012-01-30\n==================\n\n- Update license to MPL 2.0.", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/mozilla-services/repoze.who.plugins.digestauth", "keywords": "authentication repoze http digest", "license": "UNKNOWN", "maintainer": null, "maintainer_email": null, "name": "repoze.who.plugins.digestauth", "package_url": "https://pypi.org/project/repoze.who.plugins.digestauth/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/repoze.who.plugins.digestauth/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/mozilla-services/repoze.who.plugins.digestauth" }, "release_url": "https://pypi.org/project/repoze.who.plugins.digestauth/0.1.1/", "requires_dist": null, "requires_python": null, "summary": "repoze.who.plugins.digestauth", "version": "0.1.1" }, "last_serial": 798855, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "c4fe68e6212f3ead9d283aca3c72bc06", "sha256": "7f52cb94f5fb06d6f9fdaeafd755669c496a82496a0f575ae9394fcdda73de00" }, "downloads": -1, "filename": "repoze.who.plugins.digestauth-0.1.0.tar.gz", "has_sig": false, "md5_digest": "c4fe68e6212f3ead9d283aca3c72bc06", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17015, "upload_time": "2011-11-18T10:25:10", "url": "https://files.pythonhosted.org/packages/1a/7a/b3772fd85694f49b4aed6174eff3b644e608138cf727c452bb9dafc864ee/repoze.who.plugins.digestauth-0.1.0.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "a698a0263d6f1ebc34ecae8daa82bfc9", "sha256": "4594155a1d4171d3935176c49b8b87048a03199e1cde83c2bff4e72e96b20a81" }, "downloads": -1, "filename": "repoze.who.plugins.digestauth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "a698a0263d6f1ebc34ecae8daa82bfc9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16479, "upload_time": "2012-01-30T01:58:20", "url": "https://files.pythonhosted.org/packages/a0/6f/a1f58794396ddb3fc9c0df5b6e962a6d64de48882f218db5233b45508d99/repoze.who.plugins.digestauth-0.1.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "a698a0263d6f1ebc34ecae8daa82bfc9", "sha256": "4594155a1d4171d3935176c49b8b87048a03199e1cde83c2bff4e72e96b20a81" }, "downloads": -1, "filename": "repoze.who.plugins.digestauth-0.1.1.tar.gz", "has_sig": false, "md5_digest": "a698a0263d6f1ebc34ecae8daa82bfc9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 16479, "upload_time": "2012-01-30T01:58:20", "url": "https://files.pythonhosted.org/packages/a0/6f/a1f58794396ddb3fc9c0df5b6e962a6d64de48882f218db5233b45508d99/repoze.who.plugins.digestauth-0.1.1.tar.gz" } ] }