author | Eli Collins <elic@assurancetechnologies.com> | 2012-03-10 17:48:58 -0500 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2012-03-10 17:48:58 -0500 |
commit | d3c7d16915f7ef3919245f211b8dab8ae35ade70 (patch) | |
tree | 47e128e356e5d5363c7efdde5de944a52fd6191a /docs | |
parent | 50965db6ee2b6ff2c9227ea6c740e9513963c4f6 (diff) | |
did rewrite of unix_fallback as unix_disabled; unix_fallback is now deprecated
Diffstat (limited to 'docs')

-rw-r--r-- | docs/lib/passlib.hash.rst | 2
-rw-r--r-- | docs/lib/passlib.hash.unix_disabled.rst | 47
-rw-r--r-- | docs/lib/passlib.hash.unix_fallback.rst | 52
-rw-r--r-- | docs/lib/passlib.hosts.rst | 6

4 files changed, 50 insertions, 57 deletions

diff --git a/docs/lib/passlib.hash.rst b/docs/lib/passlib.hash.rst index d06fed1..1dda3b9 100644 --- a/docs/lib/passlib.hash.rst +++ b/docs/lib/passlib.hash.rst @@ -104,7 +104,7 @@ behavior found in many Linux & BSD password files: .. toctree:: :maxdepth: 1 - passlib.hash.unix_fallback + passlib.hash.unix_disabled .. _ldap-hashes: diff --git a/docs/lib/passlib.hash.unix_disabled.rst b/docs/lib/passlib.hash.unix_disabled.rst new file mode 100644 index 0000000..bfd725d --- /dev/null +++ b/docs/lib/passlib.hash.unix_disabled.rst @@ -0,0 +1,47 @@ +================================================================== +:class:`passlib.hash.unix_disabled` - Unix Disabled Account Helper +================================================================== + +.. currentmodule:: passlib.hash + +This class does not provide an encryption scheme, +but instead provides a helper for handling disabled +password fields as found in unix ``/etc/shadow`` files. + +Usage +===== +This class is mainly useful only for plugging into a +:class:`~passlib.context.CryptContext` instance. +It can be used directly as follows:: + + >>> from passlib.hash import unix_disabled as ud + + >>> # 'encrypting' a password always results in "!" or "*" + >>> ud.encrypt("password") + '!' + + >>> # verifying will fail for all passwords and hashes + >>> ud.verify("password", "!") + False + >>> ud.verify("letmein", "*NOPASSWORD*") + False + + >>> # all strings are recognized - if used in conjunction with other hashes, + >>> # this should be the last one checked. + >>> ud.identify('!') + True + >>> ud.identify('*') + True + >>> ud.identify('') + True + + +Interface +========= +.. autoclass:: unix_disabled + +Deviations +========== +According to the Linux ``shadow`` man page, an empty string is treated +as a wildcard by Linux, allowing all passwords. For security purposes, +this behavior is NOT supported; empty strings are treated the same as ``!``. 
diff --git a/docs/lib/passlib.hash.unix_fallback.rst b/docs/lib/passlib.hash.unix_fallback.rst deleted file mode 100644 index 4870d82..0000000 --- a/docs/lib/passlib.hash.unix_fallback.rst +++ /dev/null @@ -1,52 +0,0 @@ -================================================================== -:class:`passlib.hash.unix_fallback` - Unix Fallback Helper -================================================================== - -.. currentmodule:: passlib.hash - -This class does not provide an encryption scheme, -but instead provides a helper for handling disabled / wildcard -password fields as found in unix ``/etc/shadow`` files. - -Usage -===== -This class is mainly useful only for plugging into a :class:`~passlib.context.CryptContext`. -When used, it should always be the last scheme in the list, -as it is designed to provide a fallback behavior. -It can be used directly as follows:: - - >>> from passlib.hash import unix_fallback as uf - - >>> #'encrypting' a password always results in "!", the default reject hash. - >>> uf.encrypt("password") - '!' - - >>> #check if hash is recognized (all strings are recognized) - >>> uf.identify('!') - True - >>> uf.identify('*') - True - >>> uf.identify('') - True - - >>> #verify against non-empty string - no passwords allowed - >>> uf.verify("password", "!") - False - - >>> #verify against empty string: - >>> # * by default, no passwords allowed - >>> # * all passwords allowed IF enable_wildcard=True - >>> uf.verify("password", "") - False - >>> uf.verify("password", "", enable_wildcard=True) - True - -Interface -========= -.. autoclass:: unix_fallback - -Deviations -========== -According to the Linux ``shadow`` man page, an empty string is treated -as a wildcard by Linux, allowing all passwords. For security purposes, -this behavior is not enabled unless specifically requested by the application. diff --git a/docs/lib/passlib.hosts.rst b/docs/lib/passlib.hosts.rst index c03bbed..5ca13db 100644 --- a/docs/lib/passlib.hosts.rst 
+++ b/docs/lib/passlib.hosts.rst @@ -49,12 +49,10 @@ for the following Unix variants: .. note:: - All of the above contexts include the :class:`~passlib.hash.unix_fallback` handler + All of the above contexts include the :class:`~passlib.hash.unix_disabled` handler as a final fallback. This special handler treats all strings as invalid passwords, particularly the common strings ``!`` and ``*`` which are used to indicate - that an account has been disabled [#shadow]_. It can also be configured - to treat empty strings as a wildcard allowing in all passwords, - though this behavior is disabled by default for security reasons. + that an account has been disabled [#shadow]_. A quick usage example, using the :data:`!linux_context` instance:: |
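
Review bot: In docs/lib/passlib.hash.unix_disabled.rst, the Usage doctest never exercises the empty-string hash, which the Deviations section singles out as the security-relevant difference from Linux. The removed unix_fallback page showed `uf.verify("password", "")` returning False; an equivalent `ud.verify("password", "")` line here would document that an empty shadow field is rejected rather than treated as a wildcard. The comment `'encrypting' a password always results in "!" or "*"` is also followed only by an example that yields '!', so it should say what selects between the two markers.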
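
Review bot: The commit message says unix_fallback is now deprecated, but docs/lib/passlib.hash.unix_fallback.rst is deleted outright and its toctree entry in docs/lib/passlib.hash.rst is replaced, which leaves a class that is deprecated rather than removed with no documentation. Consider keeping a short page that marks it deprecated and points to unix_disabled, and that tells callers passing `enable_wildcard=True` that the new class has no equivalent, since the new page states the wildcard behavior is NOT supported.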
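
Review bot: In the docs/lib/passlib.hosts.rst note, dropping the wildcard sentence leaves no mention of how an empty password field is handled by the host contexts. The remaining text only names ``!`` and ``*``; adding a clause that empty strings are rejected as well, with a pointer to the Deviations section of the unix_disabled page, would make the departure from Linux shadow semantics visible to readers who configure these contexts against real ``/etc/shadow`` data.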