• Jim Garlick's avatar
    gssapi: use GSS_C_BOTH to acquire credentials · f2b579ce
    Jim Garlick authored
    Problem: if client sets the ZMQ_GSSAPI_PRINCIPAL to a valid
    principal, authentication fails.
    
    When an application sets ZMQ_GSSAPI_PRINCIPAL, whether as a
    client or a server, libzmq internally calls gss_acquire_cred()
    with cred_usage=GSS_C_ACCEPT.  This cred_usage setting is for
    acceptors (servers) only, thus it doesn't work for initiators
    (clients).
    
    Solution: Change the cred_usage parameter to GSS_C_BOTH to allow
    initiators to set ZMQ_GSSAPI_PRINCIPAL.
    f2b579ce
gssapi_mechanism_base.cpp 9.5 KB