auth¶
Module: auth
¶
Utilities for ZAP authentication.
To run authentication in a background thread, see zmq.auth.thread
.
For integration with the tornado eventloop, see zmq.auth.ioloop
.
New in version 14.1.
Authenticator
¶
-
class
zmq.auth.
Authenticator
(context=None, encoding='utf-8', log=None)¶ Implementation of ZAP authentication for zmq connections.
Note: - libzmq provides four levels of security: default NULL (which the Authenticator does
not see), and authenticated NULL, PLAIN, and CURVE, which the Authenticator can see.- until you add policies, all incoming NULL connections are allowed
(classic ZeroMQ behavior), and all PLAIN and CURVE connections are denied.
Methods
-
allow
(*addresses)¶ Allow (whitelist) IP address(es).
Connections from addresses not in the whitelist will be rejected.
- For NULL, all clients from this address will be accepted.
- For PLAIN and CURVE, they will be allowed to continue with authentication.
whitelist is mutually exclusive with blacklist.
-
configure_curve
(domain='*', location=None)¶ Configure CURVE authentication for a given domain.
CURVE authentication uses a directory that holds all public client certificates, i.e. their public keys.
To cover all domains, use “*”.
You can add and remove certificates in that directory at any time.
To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.
-
configure_plain
(domain='*', passwords=None)¶ Configure PLAIN authentication for a given domain.
PLAIN authentication uses a plain-text password file. To cover all domains, use “*”. You can modify the password file at any time; it is reloaded automatically.
-
deny
(*addresses)¶ Deny (blacklist) IP address(es).
Addresses not in the blacklist will be allowed to continue with authentication.
Blacklist is mutually exclusive with whitelist.
-
handle_zap_message
(msg)¶ Perform ZAP authentication
-
start
()¶ Create and bind the ZAP socket
-
stop
()¶ Close the ZAP socket
Functions¶
-
zmq.auth.
create_certificates
(key_dir, name, metadata=None)¶ Create zmq certificates.
Returns the file paths to the public and secret certificate files.
-
zmq.auth.
load_certificate
(filename)¶ Load public and secret key from a zmq certificate.
Returns (public_key, secret_key)
If the certificate file only contains the public key, secret_key will be None.
If there is no public key found in the file, ValueError will be raised.
-
zmq.auth.
load_certificates
(directory='.')¶ Load public keys from all certificates in a directory