Authenticators¶
An authenticator is basically a callable object that takes a socket and
“authenticates” it in some way. Upon success, it must return a tuple containing
a socket-like object and its credentials (any object), or raise an
AuthenticationError
upon failure. The credentials are any object you wish to
associate with the authentication, and it’s stored in the connection’s
configuration dict
under the key “credentials”.
There are no constraints on what the authenticators, for instance:
def magic_word_authenticator(sock):
if sock.recv(5) != "Ma6ik":
raise AuthenticationError("wrong magic word")
return sock, None
RPyC comes bundled with an authenticator for SSL
(using certificates).
This authenticator, for instance, both verifies the peer’s identity and wraps the
socket with an encrypted transport (which replaces the original socket).
Authenticators are used by Server
to
validate an incoming connection. Using them is pretty trivial
s = ThreadedServer(...., authenticator = magic_word_authenticator)
s.start()
-
exception
rpyc.utils.authenticators.
AuthenticationError
[source]¶ raised to signal a failed authentication attempt
-
class
rpyc.utils.authenticators.
SSLAuthenticator
(keyfile, certfile, ca_certs=None, cert_reqs=None, ssl_version=None, ciphers=None)[source]¶ An implementation of the authenticator protocol for
SSL
. The given socket is wrapped byssl.SSLContext.wrap_socket
and is validated based on certificatesParameters: - keyfile – the server’s key file
- certfile – the server’s certificate file
- ca_certs – the server’s certificate authority file
- cert_reqs – the certificate requirements. By default, if
ca_cert
is specified, the requirement is set toCERT_REQUIRED
; otherwise it is set toCERT_NONE
- ciphers – the list of ciphers to use, or
None
, if you do not wish to restrict the available ciphers. New in Python 2.7/3.2 - ssl_version – the SSL version to use
Refer to ssl.SSLContext for more info.
Clients can connect to this authenticator using
rpyc.utils.factory.ssl_connect()
. Classic clients can use directlyrpyc.utils.classic.ssl_connect()
which sets the correct service parameters.