I don't know what authenticator pyzmq provides. zauth is part of CZMQ. If your binding doesn't provide an authenticator then you need to write your own.

On Mon, Feb 1, 2016 at 3:05 PM, Jonas Thiem <[email protected]> wrote:
> Sorry, I forgot this part which might be relevant:
> We configure the authenticator with this code line:
>
> self.auth.configure_curve(domain='*',
>                           location=self.public_key_temp_dir)
>
> Basically all I'm wondering is how to find out WHICH of the public
> keys the client used to identify (of those in the specified
> location/key folder) after I successfully received a message from a
> logged in client.
>
>
> On Mon, Feb 1, 2016 at 2:56 PM, Jonas Thiem <[email protected]> wrote:
>> Thanks for the exhaustive answer!
>>
>> We use zmq.auth.thread.ThreadAuthenticator in pyzmq - I guess this is
>> the default zauth implementation you mentioned.
>>
>> Are there any plans to add this to zauth in the near future? Is there
>> another good way of identifying the users securely? (Others should
>> have hit this same scenario before, right?) Or is everyone just
>> writing custom authenticators for their projects to make this work?
>>
>> Regards,
>> Jonas Thiem
>>
>> On Sun, Jan 31, 2016 at 3:49 PM, Pieter Hintjens <[email protected]> wrote:
>>> There are several independent protocols and APIs at work here.
>>>
>>> First, CurveZMQ governs the handshake itself, and ZMTP wraps that in a
>>> transport protocol as the CURVE mechanism. Then, ZAP connects an
>>> external authenticator. There is *no* authenticator in libzmq so by
>>> default, CURVE connections are refused. Then you have the per-message
>>> properties, which the authenticator can set as it wishes. One of these
>>> might be the public key. That would be the only way to access it.
>>> User-Id is an example property, a field you might pull from a
>>> certificate.
>>>
>>> The most popular authenticator is czmq/zauth.c, which you can read. I
>>> see a comment in that class:
>>>
>>> // TODO: load metadata from certificate and return via ZAP response
>>>
>>> So without digging deeper, I assume it's not returning any metadata.
>>> The code predates the zmq_msg_gets () api and needs some love now.
>>>
>>> If you really want to understand this flow (and it's not trivial,
>>> sorry) then perhaps this is the place to start: bring zauth up to
>>> scratch so it returns all metadata and the public key from the
>>> certificate.
>>>
>>> -Pieter
>>>
>>> On Fri, Jan 29, 2016 at 2:23 PM, Jonas Thiem <[email protected]> wrote:
>>>> Hi,
>>>>
>>>> I am trying to solve the following: using the standard CURVE mechanism
>>>> for authentication, how can I get either the full public key or the
>>>> fingerprint of the public key the client used to connect, from a
>>>> received message frame from that respective client?
>>>>
>>>> zmq_msg_gets seems to retrieve all sorts of possibly useful fields set
>>>> by the authenticator mechanism ("User-Id", ..). However, this just seems
>>>> to be briefly mentioned at http://api.zeromq.org/4-2:zmq-msg-gets
>>>> without a comprehensive list, and the only guide on Curve ZMQ I could
>>>> find http://curvezmq.org/page:read-the-docs seems to be more of a
>>>> specification of the raw protocol, not the api of the zmq default
>>>> implementation.
>>>>
>>>> In addition, "User-Id" specifically just seems to contain "user" (as an
>>>> actual string) for my test, which doesn't really seem to be useful
>>>> information(?).
>>>>
>>>> Therefore, I wondered whether there is:
>>>>
>>>> 1. a complete list/documentation of all fields set by the curve ZAP
>>>> mechanism as provided in the standard implementation (like "User-Id" and
>>>> others)
>>>>
>>>> 2. a specific field or some other helper function that allows me to
>>>> obtain the respective public key of a message frame
>>>>
>>>> Sorry if I missed some obvious guide that contains all this info, please
>>>> feel free to link if there is one!
>>>>
>>>> Regards,
>>>> Jonas Thiem
>>>> _______________________________________________
>>>> zeromq-dev mailing list
>>>> [email protected]
>>>> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
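
Added example, not part of the thread and not pyzmq or CZMQ code: the decision step of a hand-written ZAP authenticator, following the ZAP frame layout (ZeroMQ RFC 27), that puts the client's Z85-encoded CURVE public key into the reply's user-id frame so the server can tell which key was used. The allow-list argument, the `X-Public-Key` metadata name and the sample request are assumptions made for the illustration.

```python
import struct

Z85 = ("0123456789abcdefghijklmnopqrstuvwxyz"
       "ABCDEFGHIJKLMNOPQRSTUVWXYZ.-:+=^!/*?&<>()[]{}@%$#")

def z85_encode(data: bytes) -> bytes:
    """Z85 (ZeroMQ RFC 32): each 4 input bytes become 5 printable characters."""
    if len(data) % 4:
        raise ValueError("Z85 input length must be a multiple of 4")
    return "".join(Z85[word // 85 ** p % 85]
                   for (word,) in struct.iter_unpack(">I", data)
                   for p in (4, 3, 2, 1, 0)).encode("ascii")

def zap_metadata(props: dict) -> bytes:
    """ZMTP metadata: 1-byte name length, name, 4-byte value length, value."""
    blob = b""
    for name, value in props.items():
        n = name.encode("ascii")
        blob += bytes([len(n)]) + n + struct.pack(">I", len(value)) + value
    return blob

def handle_zap_request(frames, allowed_keys):
    """Return the ZAP reply frames for one request (envelope already removed).

    allowed_keys: set of 32-byte client public keys (hypothetical allow-list).
    """
    if len(frames) < 6 or frames[0] != b"1.0":
        req_id = frames[1] if len(frames) > 1 else b""
        return [b"1.0", req_id, b"500", b"Malformed ZAP request", b"", b""]
    version, req_id, _domain, _address, _identity, mechanism = frames[:6]
    creds = frames[6:]  # for CURVE: one frame, the client's long-term public key
    if mechanism != b"CURVE" or len(creds) != 1 or len(creds[0]) != 32:
        return [version, req_id, b"400", b"CURVE key required", b"", b""]
    if creds[0] not in allowed_keys:
        return [version, req_id, b"400", b"Unknown key", b"", b""]
    key_z85 = z85_encode(creds[0])
    # User-id frame carries the key itself instead of a fixed string.
    meta = zap_metadata({"X-Public-Key": key_z85})  # hypothetical property name
    return [version, req_id, b"200", b"OK", key_z85, meta]

if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, not a real one
    request = [b"1.0", b"1", b"global", b"127.0.0.1", b"", b"CURVE", key]
    print(handle_zap_request(request, {key}))
```

User id and metadata are left empty on every non-200 reply, as ZAP requires.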
