libzmq/doc/zmq_gssapi.txt

zmq_gssapi(7)
============


NAME
----
zmq_gssapi - secure authentication and confidentiality


SYNOPSIS
--------

The GSSAPI mechanism defines a mechanism for secure authentication and
confidentiality for communications between a client and a server using the
Generic Security Service Application Program Interface (GSSAPI).  The GSSAPI
mechanism can be used on both public and private networks.  GSSAPI itself is
defined in IETF RFC-2743: <http://tools.ietf.org/html/rfc2743>. The ZeroMQ
GSSAPI mechanism is defined by this document: <http://rfc.zeromq.org/spec:38>.


CLIENT AND SERVER ROLES
-----------------------
A socket using GSSAPI can be either client or server, but not both.

To become a GSSAPI server, the application sets the ZMQ_GSSAPI_SERVER
option on the socket.

To become a GSSAPI client, the application sets the ZMQ_GSSAPI_SERVICE_PRINCIPAL
option to the name of the principal on the server to which it intends to
connect.

On client or server, the application may additionally set the
ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the
principal for whom GSSAPI credentials should be acquired.  If this option
is not set, default credentials are used.


OPTIONAL ENCRYPTION
-------------------
By default, the GSSAPI mechanism will encrypt all communications between client
and server.  If encryption is not desired (e.g. on private networks), the
client and server applications can disable it by setting the
ZMQ_GSSAPI_PLAINTEXT option.  Both the client and server must set this option
to the same value.


SEE ALSO
--------
linkzmq:zmq_setsockopt[3]
linkzmq:zmq_null[7]
linkzmq:zmq_curve[7]
linkzmq:zmq[7]


AUTHORS
-------
This page was written by the 0MQ community. To make a change please
read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.
Add documentation for GSSAPI options. 2014-06-19 23:57:48 -04:00			`zmq_gssapi(7)`
			`============`


			`NAME`
			`----`
			`zmq_gssapi - secure authentication and confidentiality`


			`SYNOPSIS`
			`--------`

			`The GSSAPI mechanism defines a mechanism for secure authentication and`
			`confidentiality for communications between a client and a server using the`
			`Generic Security Service Application Program Interface (GSSAPI). The GSSAPI`
			`mechanism can be used on both public and private networks. GSSAPI itself is`
			`defined in IETF RFC-2743: <http://tools.ietf.org/html/rfc2743>. The ZeroMQ`
			`GSSAPI mechanism is defined by this document: <http://rfc.zeromq.org/spec:38>.`


			`CLIENT AND SERVER ROLES`
			`-----------------------`
			`A socket using GSSAPI can be either client or server, but not both.`

gssapi: document ZMQ_GSSAPI_PRINCIPAL as optional Problem: the ZMQ_GSSAPI_PRINCIPAL socket option is described as mandatory in the zmq_gssapi(7) manual page. In fact it is optional. Solution: Describe ZMQ_GSSAPI_PRINCIPAL as optional. If unspecified, default credentials are used. 2017-04-18 11:37:40 -07:00			`To become a GSSAPI server, the application sets the ZMQ_GSSAPI_SERVER`
			`option on the socket.`
Add documentation for GSSAPI options. 2014-06-19 23:57:48 -04:00
gssapi: document ZMQ_GSSAPI_PRINCIPAL as optional Problem: the ZMQ_GSSAPI_PRINCIPAL socket option is described as mandatory in the zmq_gssapi(7) manual page. In fact it is optional. Solution: Describe ZMQ_GSSAPI_PRINCIPAL as optional. If unspecified, default credentials are used. 2017-04-18 11:37:40 -07:00			`To become a GSSAPI client, the application sets the ZMQ_GSSAPI_SERVICE_PRINCIPAL`
			`option to the name of the principal on the server to which it intends to`
			`connect.`
Add documentation for GSSAPI options. 2014-06-19 23:57:48 -04:00
gssapi: document ZMQ_GSSAPI_PRINCIPAL as optional Problem: the ZMQ_GSSAPI_PRINCIPAL socket option is described as mandatory in the zmq_gssapi(7) manual page. In fact it is optional. Solution: Describe ZMQ_GSSAPI_PRINCIPAL as optional. If unspecified, default credentials are used. 2017-04-18 11:37:40 -07:00			`On client or server, the application may additionally set the`
			`ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the`
			`principal for whom GSSAPI credentials should be acquired. If this option`
			`is not set, default credentials are used.`
Add documentation for GSSAPI options. 2014-06-19 23:57:48 -04:00

			`OPTIONAL ENCRYPTION`
			`-------------------`
			`By default, the GSSAPI mechanism will encrypt all communications between client`
			`and server. If encryption is not desired (e.g. on private networks), the`
			`client and server applications can disable it by setting the`
			`ZMQ_GSSAPI_PLAINTEXT option. Both the client and server must set this option`
			`to the same value.`


			`SEE ALSO`
			`--------`
			`linkzmq:zmq_setsockopt[3]`
			`linkzmq:zmq_null[7]`
			`linkzmq:zmq_curve[7]`
			`linkzmq:zmq[7]`


			`AUTHORS`
			`-------`
			`This page was written by the 0MQ community. To make a change please`
			`read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.`