An authenticator is basically a callable object that takes a socket and
“authenticates” it in some way. Upon success, it must return a tuple containing
a socket-like object and its credentials (any object), or raise an
AuthenticationError upon failure. The credentials are any object you wish to
associate with the authentication, and it’s stored in the connection’s
configuration dict under the key “credentials”.
There are no constraints on what the authenticators, for instance:
def magic_word_authenticator(sock): if sock.recv(5) != "Ma6ik": raise AuthenticationError("wrong magic word") return sock, None
RPyC comes bundled with an authenticator for
SSL (using certificates).
This authenticator, for instance, both verifies the peer’s identity and wraps the
socket with an encrypted transport (which replaces the original socket).
Authenticators are used by
validate an incoming connection. Using them is pretty trivial
s = ThreadedServer(...., authenticator = magic_word_authenticator) s.start()
raised to signal a failed authentication attempt
SSLAuthenticator(keyfile, certfile, ca_certs=None, cert_reqs=None, ssl_version=None, ciphers=None)[source]¶
An implementation of the authenticator protocol for
SSL. The given socket is wrapped by
ssl.SSLContext.wrap_socketand is validated based on certificates
- keyfile – the server’s key file
- certfile – the server’s certificate file
- ca_certs – the server’s certificate authority file
- cert_reqs – the certificate requirements. By default, if
ca_certis specified, the requirement is set to
CERT_REQUIRED; otherwise it is set to
- ciphers – the list of ciphers to use, or
None, if you do not wish to restrict the available ciphers. New in Python 2.7/3.2
- ssl_version – the SSL version to use
Refer to ssl.SSLContext for more info.
Clients can connect to this authenticator using
rpyc.utils.factory.ssl_connect(). Classic clients can use directly
rpyc.utils.classic.ssl_connect()which sets the correct service parameters.