1ZMQ_GSSAPI(7)                     0MQ Manual                     ZMQ_GSSAPI(7)
2
3
4

NAME

6       zmq_gssapi - secure authentication and confidentiality
7

SYNOPSIS

9       The GSSAPI mechanism defines a mechanism for secure authentication and
10       confidentiality for communications between a client and a server using
11       the Generic Security Service Application Program Interface (GSSAPI).
12       The GSSAPI mechanism can be used on both public and private networks.
13       GSSAPI itself is defined in IETF RFC-2743:
14       http://tools.ietf.org/html/rfc2743. The ZeroMQ GSSAPI mechanism is
15       defined by this document: http://rfc.zeromq.org/spec:38.
16

CLIENT AND SERVER ROLES

18       A socket using GSSAPI can be either client or server, but not both.
19
20       To become a GSSAPI server, the application sets the ZMQ_GSSAPI_SERVER
21       option on the socket.
22
23       To become a GSSAPI client, the application sets the
24       ZMQ_GSSAPI_SERVICE_PRINCIPAL option to the name of the principal on the
25       server to which it intends to connect.
26
27       On client or server, the application may additionally set the
28       ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the
29       principal for whom GSSAPI credentials should be acquired. If this
30       option is not set, default credentials are used.
31

OPTIONAL ENCRYPTION

33       By default, the GSSAPI mechanism will encrypt all communications
34       between client and server. If encryption is not desired (e.g. on
35       private networks), the client and server applications can disable it by
36       setting the ZMQ_GSSAPI_PLAINTEXT option. Both the client and server
37       must set this option to the same value.
38

PRINCIPAL NAMES

40       Principal names specified with the ZMQ_GSSAPI_SERVICE_PRINCIPAL or
41       ZMQ_GSSAPI_PRINCIPAL options are interpreted as "host based" name types
42       by default. The ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and
43       ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE options may be used to change the
44       name type to one of:
45
46       ZMQ_GSSAPI_NT_HOSTBASED
47           The name should be of the form "service" or "service@hostname",
48           which will parse into a principal of "service/hostname" in the
49           local realm. This is the default name type.
50
51       ZMQ_GSSAPI_NT_USER_NAME
52           The name should be a local username, which will parse into a
53           single-component principal in the local realm.
54
55       ZMQ_GSSAPI_NT_KRB5_PRINCIPAL
56           The name is a principal name string. This name type only works with
57           the krb5 GSSAPI mechanism.
58

SEE ALSO

60       zmq_setsockopt(3) zmq_null(7) zmq_curve(7) zmq(7)
61

AUTHORS

63       This page was written by the 0MQ community. To make a change please
64       read the 0MQ Contribution Policy at
65       http://www.zeromq.org/docs:contributing.
66
67
68
690MQ 4.3.4                         01/22/2022                     ZMQ_GSSAPI(7)
Impressum