Limitations of GSS-API
Although GSS-API makes protecting data simple, GSS-API avoids some tasks that would not be consistent with GSS-API's generic nature. Accordingly, GSS-API does not perform the following activities:
-
Provide security credentials for users or applications. Credentials must be provided by the underlying security mechanisms. GSS-API does allow applications to acquire credentials, either automatically or explicitly.
-
Transfer data between applications. The application has the responsibility for handling the transfer of all data between peers, whether the data is security-related or plain data.
-
Distinguish between different types of transmitted data. For example, GSS-API does not know whether a data packet is plain data or encrypted.
-
Indicate status due to asynchronous errors.
-
Protect by default information that has been sent between processes of a multiprocess program.
-
Allocate string buffers to be passed to GSS-API functions. See Strings and Similar Data in GSS-API.
-
Deallocate GSS-API data spaces. This memory must be explicitly deallocated with functions such as gss_release_buffer() and gss_delete_name().
- © 2010, Oracle Corporation and/or its affiliates