auth.thread

Module: auth.thread

ZAP Authenticator in a Python Thread.

New in version 14.1.

Classes

ThreadAuthenticator

class zmq.auth.thread.ThreadAuthenticator(context=None, encoding='utf-8', log=None)

Run ZAP authentication in a background thread

allow(*addresses)

Allow (whitelist) IP address(es).

Connections from addresses not in the whitelist will be rejected.

  • For NULL, all clients from this address will be accepted.
  • For real auth setups, they will be allowed to continue with authentication.

whitelist is mutually exclusive with blacklist.

auth = None
configure_curve(domain='*', location='')

Configure CURVE authentication for a given domain.

CURVE authentication uses a directory that holds all public client certificates, i.e. their public keys.

To cover all domains, use “*”.

You can add and remove certificates in that directory at any time. configure_curve must be called every time certificates are added or removed, in order to update the Authenticator’s state

To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.

configure_curve_callback(domain='*', credentials_provider=None)

Configure CURVE authentication for a given domain.

CURVE authentication using a callback function validating the client public key according to a custom mechanism, e.g. checking the key against records in a db. credentials_provider is an object of a class which implements a callback method accepting two parameters (domain and key), e.g.:

class CredentialsProvider(object):

    def __init__(self):
        ...e.g. db connection

    def callback(self, domain, key):
        valid = ...lookup key and/or domain in db
        if valid:
            logging.info('Autorizing: {0}, {1}'.format(domain, key))
            return True
        else:
            logging.warning('NOT Autorizing: {0}, {1}'.format(domain, key))
            return False

To cover all domains, use “*”.

To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.

configure_plain(domain='*', passwords=None)

Configure PLAIN authentication for a given domain.

PLAIN authentication uses a plain-text password file. To cover all domains, use “*”. You can modify the password file at any time; it is reloaded automatically.

context = None
deny(*addresses)

Deny (blacklist) IP address(es).

Addresses not in the blacklist will be allowed to continue with authentication.

Blacklist is mutually exclusive with whitelist.

encoding = None
is_alive()

Is the ZAP thread currently running?

log = None
pipe = None
pipe_endpoint = ''
start()

Start the authentication thread

stop()

Stop the authentication thread

thread = None