Authenticators

An authenticator is basically a callable object that takes a socket and “authenticates” it in some way. Upon success, it must return a tuple containing a socket-like object and its credentials (any object), or raise an AuthenticationError upon failure. The credentials are any object you wish to associate with the authentication, and it’s stored in the connection’s configuration dict under the key “credentials”.

There are no constraints on what the authenticators, for instance:

def magic_word_authenticator(sock):
    if sock.recv(5) != "Ma6ik":
        raise AuthenticationError("wrong magic word")
    return sock, None

RPyC comes bundled with an authenticator for SSL (using certificates). This authenticator, for instance, both verifies the peer’s identity and wraps the socket with an encrypted transport (which replaces the original socket).

Authenticators are used by Server to validate an incoming connection. Using them is pretty trivial

s = ThreadedServer(...., authenticator = magic_word_authenticator)
s.start()
exception rpyc.utils.authenticators.AuthenticationError[source]

raised to signal a failed authentication attempt

class rpyc.utils.authenticators.SSLAuthenticator(keyfile, certfile, ca_certs=None, cert_reqs=None, ssl_version=None, ciphers=None)[source]

An implementation of the authenticator protocol for SSL. The given socket is wrapped by ssl.SSLContext.wrap_socket and is validated based on certificates

Parameters:

  • keyfile – the server’s key file

  • certfile – the server’s certificate file

  • ca_certs – the server’s certificate authority file

  • cert_reqs – the certificate requirements. By default, if ca_cert is specified, the requirement is set to CERT_REQUIRED; otherwise it is set to CERT_NONE

  • ciphers – the list of ciphers to use, or None, if you do not wish to restrict the available ciphers. New in Python 2.7/3.2

  • ssl_version – the SSL version to use

Refer to ssl.SSLContext for more info.

Clients can connect to this authenticator using rpyc.utils.factory.ssl_connect(). Classic clients can use directly rpyc.utils.classic.ssl_connect() which sets the correct service parameters.