Logo Search packages:      
Sourcecode: paramiko version File versions  Download package

def paramiko::transport::Transport::auth_password (   self,
  username,
  password,
  event = None,
  fallback = True 
)

Authenticate to the server using a password.  The username and password
are sent over an encrypted link.

If an C{event} is passed in, this method will return immediately, and
the event will be triggered once authentication succeeds or fails.  On
success, L{is_authenticated} will return C{True}.  On failure, you may
use L{get_exception} to get more detailed error information.

Since 1.1, if no event is passed, this method will block until the
authentication succeeds or fails.  On failure, an exception is raised.
Otherwise, the method simply returns.

Since 1.5, if no event is passed and C{fallback} is C{True} (the
default), if the server doesn't support plain password authentication
but does support so-called "keyboard-interactive" mode, an attempt
will be made to authenticate using this interactive mode.  If it fails,
the normal exception will be thrown as if the attempt had never been
made.  This is useful for some recent Gentoo and Debian distributions,
which turn off plain password authentication in a misguided belief
that interactive authentication is "more secure".  (It's not.)

If the server requires multi-step authentication (which is very rare),
this method will return a list of auth types permissible for the next
step.  Otherwise, in the normal case, an empty list is returned.

@param username: the username to authenticate as
@type username: string
@param password: the password to authenticate with
@type password: string
@param event: an event to trigger when the authentication attempt is
    complete (whether it was successful or not)
@type event: threading.Event
@param fallback: C{True} if an attempt at an automated "interactive"
    password auth should be made if the server doesn't support normal
    password auth
@type fallback: bool
@return: list of auth types permissible for the next stage of
    authentication (normally empty)
@rtype: list

@raise BadAuthenticationType: if password authentication isn't
    allowed by the server for this user (and no event was passed in)
@raise SSHException: if the authentication failed (and no event was
    passed in)

Definition at line 933 of file transport.py.

00933                                                                           :
        """
        Authenticate to the server using a password.  The username and password
        are sent over an encrypted link.
        
        If an C{event} is passed in, this method will return immediately, and
        the event will be triggered once authentication succeeds or fails.  On
        success, L{is_authenticated} will return C{True}.  On failure, you may
        use L{get_exception} to get more detailed error information.

        Since 1.1, if no event is passed, this method will block until the
        authentication succeeds or fails.  On failure, an exception is raised.
        Otherwise, the method simply returns.
        
        Since 1.5, if no event is passed and C{fallback} is C{True} (the
        default), if the server doesn't support plain password authentication
        but does support so-called "keyboard-interactive" mode, an attempt
        will be made to authenticate using this interactive mode.  If it fails,
        the normal exception will be thrown as if the attempt had never been
        made.  This is useful for some recent Gentoo and Debian distributions,
        which turn off plain password authentication in a misguided belief
        that interactive authentication is "more secure".  (It's not.)
        
        If the server requires multi-step authentication (which is very rare),
        this method will return a list of auth types permissible for the next
        step.  Otherwise, in the normal case, an empty list is returned.
        
        @param username: the username to authenticate as
        @type username: string
        @param password: the password to authenticate with
        @type password: string
        @param event: an event to trigger when the authentication attempt is
            complete (whether it was successful or not)
        @type event: threading.Event
        @param fallback: C{True} if an attempt at an automated "interactive"
            password auth should be made if the server doesn't support normal
            password auth
        @type fallback: bool
        @return: list of auth types permissible for the next stage of
            authentication (normally empty)
        @rtype: list
        
        @raise BadAuthenticationType: if password authentication isn't
            allowed by the server for this user (and no event was passed in)
        @raise SSHException: if the authentication failed (and no event was
            passed in)
        """
        if (not self.active) or (not self.initial_kex_done):
            # we should never try to send the password unless we're on a secure link
            raise SSHException('No existing session')
        if event is None:
            my_event = threading.Event()
        else:
            my_event = event
        self.auth_handler = AuthHandler(self)
        self.auth_handler.auth_password(username, password, my_event)
        if event is not None:
            # caller wants to wait for event themselves
            return []
        try:
            return self.auth_handler.wait_for_response(my_event)
        except BadAuthenticationType, x:
            # if password auth isn't allowed, but keyboard-interactive *is*, try to fudge it
            if not fallback or not 'keyboard-interactive' in x.allowed_types:
                raise
            try:
                def handler(title, instructions, fields):
                    if len(fields) > 1:
                        raise SSHException('Fallback authentication failed.')
                    if len(fields) == 0:
                        # for some reason, at least on os x, a 2nd request will
                        # be made with zero fields requested.  maybe it's just
                        # to try to fake out automated scripting of the exact
                        # type we're doing here.  *shrug* :)
                        return []
                    return [ password ]
                return self.auth_interactive(username, handler)
            except SSHException, ignored:
                # attempt failed; just raise the original exception
                raise x

    def auth_publickey(self, username, key, event=None):


Generated by  Doxygen 1.6.0   Back to index