469,271 Members | 1,743 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,271 developers. It's quick & easy.

Python code to do the *server* side of digest authentication?

Hi all,
I've got a very simple HTML proxy server to access the web from my
cell phone (based on this code: http://www.okisoft.co.jp/esc/python/proxy/).
It's a very retarded phone that freezes if there's no Content-Length
header and some other circumstances, so I have to tweak and modify the
headers received slightly. But it works quite well with these hacks.

Now I'd like to add proxy authentication so that I'm not running this
open proxy all the time. I would like to use Digest authentication
(http://en.wikipedia.org/wiki/Digest_...authentication) rather
than Basic authentication so as not to expose any plaintext password.

It appears that there are plenty of Python libraries to do the
*client* side of the authentication (e.g. urllib2) but I have not
found much code that does the *server* side of the authentication.
That is, I am looking for code to generate the WWW-Authentication
header (including appropriate nonce and opaque string) and to verify
the Authorization header sent by the client when it retries.

It does not look *too* hard to implement, but it does involve crypto
and I'd just as soon use some tried-and-true code rather than roll my
own in this case. Does anyone have any suggestions of where to find
such code?

Thanks!

Dan

Feb 15 '07 #1
2 2963
Dan Lenski wrote:
Hi all,
I've got a very simple HTML proxy server to access the web from my
cell phone (based on this code: http://www.okisoft.co.jp/esc/python/proxy/).
It's a very retarded phone that freezes if there's no Content-Length
header and some other circumstances, so I have to tweak and modify the
headers received slightly. But it works quite well with these hacks.

Now I'd like to add proxy authentication so that I'm not running this
open proxy all the time. I would like to use Digest authentication
(http://en.wikipedia.org/wiki/Digest_...authentication) rather
than Basic authentication so as not to expose any plaintext password.

It appears that there are plenty of Python libraries to do the
*client* side of the authentication (e.g. urllib2) but I have not
found much code that does the *server* side of the authentication.
That is, I am looking for code to generate the WWW-Authentication
header (including appropriate nonce and opaque string) and to verify
the Authorization header sent by the client when it retries.

It does not look *too* hard to implement, but it does involve crypto
and I'd just as soon use some tried-and-true code rather than roll my
own in this case. Does anyone have any suggestions of where to find
such code?

Thanks!

Dan
I think that is because normally the web server does the authentication on the
server side. Why not use Apache to do the digest authentication?

http://httpd.apache.org/docs/2.0/mod...th_digest.html

-Larry
Feb 15 '07 #2
On Feb 15, 3:19 pm, Larry Bates <lba...@websafe.comwrote:
I think that is because normally the web server does the authentication on the
server side. Why not use Apache to do the digest authentication?

http://httpd.apache.org/docs/2.0/mod...th_digest.html

-Larry
Hi Larry,

I'm sorry that I wasn't clear in my original post! I don't need to do
the server authentication on the proxy (WWW-Authentication and
Authorization). What I need to do is the *proxy* authentication
(Proxy-Authentication and Proxy-Authorization).

Those headers are identical to the first pair, but they are handled by
the proxy; if the client isn't authorized, then they can't use the
proxy.

Dan

Feb 15 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by Emile van Sebille | last post: by
3 posts views Thread by John Reese | last post: by
2 posts views Thread by john | last post: by
2 posts views Thread by trapeze.jsg | last post: by
29 posts views Thread by Frank Millman | last post: by
16 posts views Thread by Philippe C. Martin | last post: by
13 posts views Thread by BartlebyScrivener | last post: by
1 post views Thread by CARIGAR | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.