An authenticator is basically a callable object that takes a socket and
“authenticates” it in some way. Upon success, it must return a tuple containing
a socket-like object and its credentials (any object), or raise an
AuthenticationError upon failure. The credentials are any object you wish to
associate with the authentication, and it’s stored in the connection’s
configuration dict under the key “credentials”.
There are no constraints on what the authenticators, for instance:
def magic_word_authenticator(sock): if sock.recv(5) != "Ma6ik": raise AuthenticationError("wrong magic word") return sock, None
RPyC comes bundled with an authenticator for
SSL (using certificates).
This authenticator, for instance, both verifies the peer’s identity and wraps the
socket with an encrypted transport (which replaces the original socket).
Authenticators are used by
validate an incoming connection. Using them is pretty trivial
s = ThreadedServer(...., authenticator = magic_word_authenticator) s.start()
- exception rpyc.utils.authenticators.AuthenticationError
raised to signal a failed authentication attempt
- class rpyc.utils.authenticators.SSLAuthenticator(keyfile, certfile, ca_certs=None, cert_reqs=None, ssl_version=None, ciphers=None)
An implementation of the authenticator protocol for
SSL. The given socket is wrapped by
ssl.SSLContext.wrap_socketand is validated based on certificates
keyfile – the server’s key file
certfile – the server’s certificate file
ca_certs – the server’s certificate authority file
cert_reqs – the certificate requirements. By default, if
ca_certis specified, the requirement is set to
CERT_REQUIRED; otherwise it is set to
ciphers – the list of ciphers to use, or
None, if you do not wish to restrict the available ciphers. New in Python 2.7/3.2
ssl_version – the SSL version to use
Refer to ssl.SSLContext for more info.