Active agent authentication

This patch provides an implementation to authenticate active agents to the server before allowing the agent to send monitoring data.

Implementation details

The authentication module adds two new options to the host configuration: an authentication enabled flag and a password field.

With authentication enabled, the agent must send an authentication request to the server using the SCRAM-SHA-1 authentication scheme. The server will only accept and update active and passive monitoring data from authenticated agents.

An agent's authenticated session is kept alive as long as the connection is actively maintained, either by the server receiving responses from passive checks or by the agent sending requests for the active checks list.

Should the agent be offline for 6 minutes since the last network activity with the server, the authenticated session will time out and the agent must reauthenticate.
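The proof check and the inactivity timeout described above, as an added example in Python's standard library; this is not code from the patch, which uses libgsasl. The `Server` class, the function names and the choice to treat any accepted data as session activity are assumptions, and the sample exchange is the RFC 5802 test vector.

```python
import base64, hashlib, hmac
SESSION_TIMEOUT = 6 * 60  # seconds without activity before re-authentication

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _client_key(password, salt, iterations):
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return salted, _hmac(salted, b"Client Key")

def enroll(password, salt, iterations):
    """Per-host server record: (StoredKey, ServerKey), not the password."""
    salted, client_key = _client_key(password, salt, iterations)
    return hashlib.sha1(client_key).digest(), _hmac(salted, b"Server Key")

def client_proof(password, salt, iterations, auth_message):
    """Agent side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    _, client_key = _client_key(password, salt, iterations)
    stored_key = hashlib.sha1(client_key).digest()
    return _xor(client_key, _hmac(stored_key, auth_message))

class Server:  # hypothetical name; one instance per configured host
    def __init__(self, stored_key, server_key):
        self.stored_key, self.server_key = stored_key, server_key
        self.last_activity = None  # None means no authenticated session

    def authenticate(self, auth_message, proof, now):
        """Return ServerSignature on success, None on a bad proof."""
        client_key = _xor(proof, _hmac(self.stored_key, auth_message))
        if not hmac.compare_digest(hashlib.sha1(client_key).digest(), self.stored_key):
            return None
        self.last_activity = now
        return _hmac(self.server_key, auth_message)

    def accept_data(self, now):
        """Accept monitoring data only inside a live session; refresh it on use."""
        if self.last_activity is None or now - self.last_activity > SESSION_TIMEOUT:
            self.last_activity = None  # expired: agent must run SCRAM again
            return False
        self.last_activity = now
        return True

# Sample exchange: the RFC 5802 section 5 test vector (user "user", password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
AUTH_MESSAGE = (b"n=user,r=fyko+d2lbbFgONRv9qkxdawL,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,"
                b"s=QSXCR+Q6sek8bf92,i=4096,c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j")
```

The server holds only `StoredKey` and `ServerKey`, so a copy of the host record does not by itself yield a valid client proof.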

The change is backwards compatible with 1.8 agents.


A patch can be found here: The installation details are written in this wiki page, [1].

Future improvements

The current implementation is designed to work and compile under Linux; some extra work may be necessary to include libgsasl in the Windows builds. Authentication is not enforced for the following clients:

  • Between nodes
  • To Zabbix proxies
  • zabbix-get and zabbix-send don't have authentication support built in yet

