The prototype for a AuthDomain generic authentication callback.
The callback should look up the user's password, call check_password , and use the return value from that method as its own return value.
In general, for security reasons, it is preferable to use the auth-domain-specific auth callbacks (eg, AuthDomainBasicAuthCallback and AuthDomainDigestAuthCallback), because they don't require keeping a cleartext password database. Most users will use the same password for many different sites, meaning if any site with a cleartext password database is compromised, accounts on other servers might be compromised as well. For many of the cases where Server is used, this is not really relevant, but it may still be worth considering.
domain | |
msg |
the Message being authenticated |
username |
the username from |
user_data |
the data passed to set_generic_auth_callback |
|