auth.ioloop

Module: auth.ioloop

ZAP Authenticator integrated with the tornado IOLoop.

New in version 14.1.

IOLoopAuthenticator

class zmq.auth.ioloop.IOLoopAuthenticator(context=None, encoding='utf-8', log=None, io_loop=None)

ZAP authentication for use in the tornado IOLoop

allow(*addresses)

Allow (whitelist) IP address(es).

Connections from addresses not in the whitelist will be rejected.

  • For NULL, all clients from this address will be accepted.
  • For real auth setups, they will be allowed to continue with authentication.

whitelist is mutually exclusive with blacklist.

configure_curve(domain='*', location=None)

Configure CURVE authentication for a given domain.

CURVE authentication uses a directory that holds all public client certificates, i.e. their public keys.

To cover all domains, use “*”.

You can add and remove certificates in that directory at any time.

To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.

configure_gssapi(domain='*', location=None)

Configure GSSAPI authentication

Currently this is a no-op because there is nothing to configure with GSSAPI.

configure_plain(domain='*', passwords=None)

Configure PLAIN authentication for a given domain.

PLAIN authentication uses a plain-text password file. To cover all domains, use “*”. You can modify the password file at any time; it is reloaded automatically.

curve_user_id(client_public_key)

Return the User-Id corresponding to a CURVE client’s public key

Default implementation uses the z85-encoding of the public key.

Override to define a custom mapping of public key : user-id

This is only called on successful authentication.

Parameters:client_public_key (bytes) – The client public key used for the given message
Returns:user_id – The user ID as text
Return type:unicode
deny(*addresses)

Deny (blacklist) IP address(es).

Addresses not in the blacklist will be allowed to continue with authentication.

Blacklist is mutually exclusive with whitelist.

handle_zap_message(msg)

Perform ZAP authentication

start()

Start ZAP authentication

stop()

Stop ZAP authentication