auth.thread¶
Classes¶
ThreadAuthenticator
¶
- class zmq.auth.thread.ThreadAuthenticator(context=None, encoding='utf-8', log=None)¶
Run ZAP authentication in a background thread
- allow(*addresses)¶
Allow (whitelist) IP address(es).
Connections from addresses not in the whitelist will be rejected.
For NULL, all clients from this address will be accepted.
For real auth setups, they will be allowed to continue with authentication.
whitelist is mutually exclusive with blacklist.
- auth = None¶
- configure_curve(domain='*', location='')¶
Configure CURVE authentication for a given domain.
CURVE authentication uses a directory that holds all public client certificates, i.e. their public keys.
To cover all domains, use “*”.
You can add and remove certificates in that directory at any time. configure_curve must be called every time certificates are added or removed, in order to update the Authenticator’s state
To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.
- configure_curve_callback(domain='*', credentials_provider=None)¶
Configure CURVE authentication for a given domain.
CURVE authentication using a callback function validating the client public key according to a custom mechanism, e.g. checking the key against records in a db. credentials_provider is an object of a class which implements a callback method accepting two parameters (domain and key), e.g.:
class CredentialsProvider(object): def __init__(self): ...e.g. db connection def callback(self, domain, key): valid = ...lookup key and/or domain in db if valid: logging.info('Authorizing: {0}, {1}'.format(domain, key)) return True else: logging.warning('NOT Authorizing: {0}, {1}'.format(domain, key)) return False
To cover all domains, use “*”.
To allow all client keys without checking, specify CURVE_ALLOW_ANY for the location.
- configure_plain(domain='*', passwords=None)¶
Configure PLAIN authentication for a given domain.
PLAIN authentication uses a plain-text password file. To cover all domains, use “*”. You can modify the password file at any time; it is reloaded automatically.
- context = None¶
- deny(*addresses)¶
Deny (blacklist) IP address(es).
Addresses not in the blacklist will be allowed to continue with authentication.
Blacklist is mutually exclusive with whitelist.
- encoding = None¶
- is_alive()¶
Is the ZAP thread currently running?
- log = None¶
- pipe = None¶
- pipe_endpoint = ''¶
- start()¶
Start the authentication thread
- stop()¶
Stop the authentication thread
- thread = None¶