auth.thread¶
Classes¶
ThreadAuthenticator
¶
-
class
zmq.auth.thread.
ThreadAuthenticator
(context=None, encoding='utf-8', log=None)¶ Run ZAP authentication in a background thread
-
allow
(*addresses)¶ Allow (whitelist) IP address(es).
Connections from addresses not in the whitelist will be rejected.
- For NULL, all clients from this address will be accepted.
- For real auth setups, they will be allowed to continue with authentication.
whitelist is mutually exclusive with blacklist.
-
auth
= None¶
-
configure_curve
(domain='*', location='')¶ Configure CURVE authentication for a given domain.
CURVE authentication uses a directory that holds all public client certificates, i.e. their public keys.
To cover all domains, use “*”.
You can add and remove certificates in that directory at any time. configure_curve must be called every time certificates are added or removed, in order to update the Authenticator’s state
To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.
-
configure_curve_callback
(domain='*', credentials_provider=None)¶ Configure CURVE authentication for a given domain.
CURVE authentication using a callback function validating the client public key according to a custom mechanism, e.g. checking the key against records in a db. credentials_provider is an object of a class which implements a callback method accepting two parameters (domain and key), e.g.:
class CredentialsProvider(object): def __init__(self): ...e.g. db connection def callback(self, domain, key): valid = ...lookup key and/or domain in db if valid: logging.info('Autorizing: {0}, {1}'.format(domain, key)) return True else: logging.warning('NOT Autorizing: {0}, {1}'.format(domain, key)) return False
To cover all domains, use “*”.
To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.
-
configure_plain
(domain='*', passwords=None)¶ Configure PLAIN authentication for a given domain.
PLAIN authentication uses a plain-text password file. To cover all domains, use “*”. You can modify the password file at any time; it is reloaded automatically.
-
context
= None¶
-
deny
(*addresses)¶ Deny (blacklist) IP address(es).
Addresses not in the blacklist will be allowed to continue with authentication.
Blacklist is mutually exclusive with whitelist.
-
encoding
= None¶
-
is_alive
()¶ Is the ZAP thread currently running?
-
log
= None¶
-
pipe
= None¶
-
pipe_endpoint
= ''¶
-
start
()¶ Start the authentication thread
-
stop
()¶ Stop the authentication thread
-
thread
= None¶
-