Startseite Erkunden Hilfe
Anmelden
Leobots
/
mdd
4
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: fbeae60d9d
Branches Tags
mdd
/
thirdparty
/
libzmq
/
doc
/
zmq_gssapi.txt

zmq_gssapi.txt 2.5 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. zmq_gssapi(7)
    2. 

  2. ============
    3. 

  3. 

  4. 

  5. NAME
    6. 

  6. ----
    7. 

  7. zmq_gssapi - secure authentication and confidentiality
    8. 

  8. 

  9. 

  10. SYNOPSIS
    11. 

  11. --------
    12. 

  12. 

  13. The GSSAPI mechanism defines a mechanism for secure authentication and
    14. 

  14. confidentiality for communications between a client and a server using the
    15. 

  15. Generic Security Service Application Program Interface (GSSAPI).  The GSSAPI
    16. 

  16. mechanism can be used on both public and private networks.  GSSAPI itself is
    17. 

  17. defined in IETF RFC-2743: <http://tools.ietf.org/html/rfc2743>. The ZeroMQ
    18. 

  18. GSSAPI mechanism is defined by this document: <http://rfc.zeromq.org/spec:38>.
    19. 

  19. 

  20. 

  21. CLIENT AND SERVER ROLES
    22. 

  22. -----------------------
    23. 

  23. A socket using GSSAPI can be either client or server, but not both.
    24. 

  24. 

  25. To become a GSSAPI server, the application sets the ZMQ_GSSAPI_SERVER
    26. 

  26. option on the socket.
    27. 

  27. 

  28. To become a GSSAPI client, the application sets the ZMQ_GSSAPI_SERVICE_PRINCIPAL
    29. 

  29. option to the name of the principal on the server to which it intends to
    30. 

  30. connect.
    31. 

  31. 

  32. On client or server, the application may additionally set the
    33. 

  33. ZMQ_GSSAPI_PRINCIPAL option to provide the socket with the name of the
    34. 

  34. principal for whom GSSAPI credentials should be acquired.  If this option
    35. 

  35. is not set, default credentials are used.
    36. 

  36. 

  37. 

  38. OPTIONAL ENCRYPTION
    39. 

  39. -------------------
    40. 

  40. By default, the GSSAPI mechanism will encrypt all communications between client
    41. 

  41. and server.  If encryption is not desired (e.g. on private networks), the
    42. 

  42. client and server applications can disable it by setting the
    43. 

  43. ZMQ_GSSAPI_PLAINTEXT option.  Both the client and server must set this option
    44. 

  44. to the same value.
    45. 

  45. 

  46. 

  47. PRINCIPAL NAMES
    48. 

  48. ---------------
    49. 

  49. Principal names specified with the ZMQ_GSSAPI_SERVICE_PRINCIPAL or
    50. 

  50. ZMQ_GSSAPI_PRINCIPAL options are interpreted as "host based" name types
    51. 

  51. by default.  The ZMQ_GSSAPI_PRINCIPAL_NAMETYPE and
    52. 

  52. ZMQ_GSSAPI_SERVICE_PRINCIPAL_NAMETYPE options may be used to change the
    53. 

  53. name type to one of:
    54. 

  54. 

  55. *ZMQ_GSSAPI_NT_HOSTBASED*::
    56. 

  56. The name should be of the form "service" or "service@hostname",
    57. 

  57. which will parse into a principal of "service/hostname"
    58. 

  58. in the local realm.  This is the default name type.
    59. 

  59. *ZMQ_GSSAPI_NT_USER_NAME*::
    60. 

  60. The name should be a local username, which will parse into a single-component
    61. 

  61. principal in the local realm.
    62. 

  62. *ZMQ_GSSAPI_NT_KRB5_PRINCIPAL*::
    63. 

  63. The name is a principal name string.  This name type only works with
    64. 

  64. the krb5 GSSAPI mechanism.
    65. 

  65. 

  66. 

  67. SEE ALSO
    68. 

  68. --------
    69. 

  69. linkzmq:zmq_setsockopt[3]
    70. 

  70. linkzmq:zmq_null[7]
    71. 

  71. linkzmq:zmq_curve[7]
    72. 

  72. linkzmq:zmq[7]
    73. 

  73. 

  74. 

  75. AUTHORS
    76. 

  76. -------
    77. 

  77. This page was written by the 0MQ community. To make a change please
    78. 

  78. read the 0MQ Contribution Policy at <http://www.zeromq.org/docs:contributing>.
    79.