3party/libzmq
0
0
Fork 0
mirror of https://github.com/zeromq/libzmq.git synced 2025-01-14 01:37:56 +08:00
Code Issues Projects Releases Wiki Activity
libzmq/doc/zmq_gssapi.adoc
Francesco Montorsi b6ca9b2983 Feature: modernize API documentation 
* migrate from the old, unmaintained "asciidoc-py" tool to the new "asciidoctor" generator
* migrate from asciidoc-py syntax to the modern Asciidoc syntax (especially page titles and section titles)
* remove the need of "xmlto" utility to create the manpage output; use asciidoctor for that
* add HTML output support to the doc/Makefile by using asciidoctor
* change API documentation files extension from .txt to .adoc to make it more explicit that they are Asciidoc-encoded (as a bonus several IDE plugins will autodetect the .adoc format as Asciidoc)
* remove asciidoc.conf: asciidoctor does not support that; this also required replacing the macro linkzmq into all documentation pages
* add a new Github action CI do deploy to Github Pages the static HTMLs produced by Asciidoctors
* removed references to the "xmlto" and "a2x" tools from the build and packaging systems: Asciidoctor can convert the documentation directly to e.g. pdf (via extended converters) and anyway there was no code/target for using "xmlto" and "a2x" tools anyway
2023-10-25 23:59:38 +02:00

71 lines
2.5 KiB
Plaintext
Raw Blame History

= zmq_gssapi(7)
== NAME
zmq_gssapi - secure authentication and confidentiality
== SYNOPSIS
The GSSAPI mechanism defines a mechanism for secure authentication and
confidentiality for communications between a client and a server using the
Generic Security Service Application Program Interface (GSSAPI). The GSSAPI
mechanism can be used on both public and private networks. GSSAPI itself is
defined in IETF RFC-2743: <http://tools.ietf.org/html/rfc2743>. The ZeroMQ
GSSAPI mechanism is defined by this document: <http://rfc.zeromq.org/spec:38>.
== CLIENT AND SERVER ROLES
A socket using GSSAPI can be either client or server, but not both.
To become a GSSAPI server, the application sets the ZMQ_GSSAPI_SERVER
option on the socket.
To become a GSSAPI client, the application sets the ZMQ_GSSAPI_SERVICE_PRINCIPAL
option to the name of the principal on the server to which it intends to
connect.
On client or server, the application may additionally set the
ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the
principal for whom GSSAPI credentials should be acquired. If this option
is not set, default credentials are used.
== OPTIONAL ENCRYPTION
By default, the GSSAPI mechanism will encrypt all communications between client
and server. If encryption is not desired (e.g. on private networks), the
client and server applications can disable it by setting the
ZMQ_GSSAPI_PLAINTEXT option. Both the client and server must set this option
to the same value.
== PRINCIPAL NAMES
Principal names specified with the ZMQ_GSSAPI_SERVICE_PRINCIPAL or
ZMQ_GSSAPI_PRINCIPAL options are interpreted as "host based" name types
by default. The ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and
ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE options may be used to change the
name type to one of:
*ZMQ_GSSAPI_NT_HOSTBASED*::
The name should be of the form "service" or "service@hostname",
which will parse into a principal of "service/hostname"
in the local realm. This is the default name type.
*ZMQ_GSSAPI_NT_USER_NAME*::
The name should be a local username, which will parse into a single-component
principal in the local realm.
*ZMQ_GSSAPI_NT_KRB5_PRINCIPAL*::
The name is a principal name string. This name type only works with
the krb5 GSSAPI mechanism.
== SEE ALSO
xref:zmq_setsockopt.adoc[zmq_setsockopt]
xref:zmq_null.adoc[zmq_null]
xref:zmq_curve.adoc[zmq_curve]
xref:zmq.adoc[zmq]
== AUTHORS
This page was written by the 0MQ community. To make a change please
read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.
Reference in New Issue View Git Blame Copy Permalink