zmq_gssapi.txt 1.75 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
zmq_gssapi(7)
============


NAME
----
zmq_gssapi - secure authentication and confidentiality


SYNOPSIS
--------

The GSSAPI mechanism defines a mechanism for secure authentication and
confidentiality for communications between a client and a server using the
Generic Security Service Application Program Interface (GSSAPI).  The GSSAPI
mechanism can be used on both public and private networks.  GSSAPI itself is
defined in IETF RFC-2743: <http://tools.ietf.org/html/rfc2743>. The ZeroMQ
GSSAPI mechanism is defined by this document: <http://rfc.zeromq.org/spec:38>.


CLIENT AND SERVER ROLES
-----------------------
A socket using GSSAPI can be either client or server, but not both.

To become either a GSSAPI client or server, the application sets the
J.T. Conklin's avatar
J.T. Conklin committed
26
ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the principal
27 28
for whom GSSAPI credentials should be acquired.

J.T. Conklin's avatar
J.T. Conklin committed
29
To become a GSSAPI server, the application additionally sets the
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57
ZMQ_GSSAPI_SERVER option on the socket.

To become a GSSAPI client, the application sets additionally sets the
ZMQ_GSSAPI_SERVICE_PRINCIPAL option to the name of the principal of the server
to which it intends to connect.  


OPTIONAL ENCRYPTION
-------------------
By default, the GSSAPI mechanism will encrypt all communications between client
and server.  If encryption is not desired (e.g. on private networks), the
client and server applications can disable it by setting the
ZMQ_GSSAPI_PLAINTEXT option.  Both the client and server must set this option
to the same value.


SEE ALSO
--------
linkzmq:zmq_setsockopt[3]
linkzmq:zmq_null[7]
linkzmq:zmq_curve[7]
linkzmq:zmq[7]


AUTHORS
-------
This page was written by the 0MQ community. To make a change please
read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.