[zeromq-dev] Using ZeroMQ Security with gssapi

Peter Kleiweg pkleiweg at xs4all.nl
Mon Jan 19 17:05:47 CET 2015

Mike Gatny schreef op de 18e dag van de louwmaand van het jaar 2015:

> But there is a gist!
> https://gist.github.com/cbusbey/11265987
> We wrote this example back when we started the gssapi implementation, in
> the same spirit as Pieter's blog post examples.  If you need something
> more, I'll be happy to work something up for you.

So, I need a machine with kerberos enabled and root access? I 
don't have that. I will have to see how I can get Kerberos 
enabled on my own machine. Kerberos is horrible.

(many hours later)

I got kerberos running. With the help of this:

Except for the last part: krb5-rsh -x hostname. I get "Wrong 
principal in request", and that's an error the page doesn't 
cater for.

Let's try anyway...

Added commands to sudoers

Changed the principal in gssapi-client.c.

kinit... works
klist shows my ticket

(peter) ~/tmp sudo ./gssapi-client &
[1] 15060
(peter) ~/tmp [gss-client] waiting for msg...

(peter) ~/tmp sudo ./gssapi-server
[gss-server] sending...
(peter) ~/tmp 
(peter) ~/tmp 

No further output. Killing client...

[gssapi-client ] GSSAPI test FAILED

What now? Wrong setup of kerberos? Do I also need to change the 
"host" in gssapi-client.c and gssapi-server.c

Peter Kleiweg

More information about the zeromq-dev mailing list