GSS-API Programming Guide


The GSS-API Programming Guide explains the Generic Security Services Application Programming Interface — the GSS-API. The GSS-API is a framework that allows developers to write applications that take advantage of security mechanisms such as Kerberos v5, without having to explicitly program for any one mechanism. Programs using the GSS-API therefore can be highly portable, not only from one platform to another, but from one security setup to another and from one transport protocol to another. The GSS-API provides several levels of data protection, consistent with the underlying security mechanims that have been implemented on a system.

Who Should Use This Book

The GSS-API Programming Guide is intended for C-language developers who want to write programs that transfer data from one application to another securely, such as client-server programs. No specific knowledge of transport protocols or network programming is necessary to understand or use the GSS-API. (Of course, you will need to understand these areas in order to write networking applications, since the GSS-API does not itself perform transport.)

Before You Read This Book

You should be familiar with C programming. A basic knowledge of security mechanisms is helpful but not required. You do not need to have specialized knowledge about network programming to use this book.

How This Book Is Organized

Chapter 1, The GSS-API: An Overview provides an overview of the GSS-API. It explains the general steps involved in using the GSS-API, covers the basic concepts, and details a few of the most important functions.

Chapter 2, A Walk–Through of the Sample GSS-API Programs is a walk-through of the sample programs listed in Appendix A, Sample C–Based GSS-API Programs.

Appendix A, Sample C–Based GSS-API Programs is a program listing for two sample programs: a GSS-API client and a GSS-API server.

Appendix B, GSS-API Reference provides reference information on GSS-API functions, status codes, and data types.

Appendix C, Specifying an OID is a short discussion about specifying a security mechanism in the GSS-API.

Appendix D, Sun-Specific Features explains some features that are unique to Sun's implementation of the GSS-API.

Appendix E, Kerberos v5 Status Codes contains tables showing the status codes returned by the Kerberos v5 security mechanism.

Glossary is a list of words and phrases found in this book and their definitions.

Related Documentation

You might find the following to be helpful:

Two documents provide descriptions of the GSS-API (and are somewhat more oriented toward the GSS-API implementor than to the application developer). The Generic Security Service Application Program Interface document ( provides a conceptual overview of the GSS-API, while the Generic Security Service API Version 2: C-Bindings document ( discusses the specifics of the C-language-based GSS-API.

Ordering Sun Documents, an Internet professional bookstore, stocks select product documentation from Sun Microsystems, Inc.

For a list of documents and how to order them, visit the Sun Documentation Center on at

Accessing Sun Documentation Online

The docs.sun.comSM Web site enables you to access Sun technical documentation online. You can browse the archive or search for a specific book title or subject. The URL is

Typographic Conventions

The following table describes the typographic changes used in this book.

Table P–1 Typographic Conventions

Typeface or Symbol 




 The names of commands, files, and directories; on-screen computer output

Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.


 What you type, contrasted with on-screen computer output

machine_name% su



 Command-line placeholder: replace with a real name or value

To delete a file, type rm filename.


Book titles, new words, or terms, or words to be emphasized. 

Read Chapter 6 in User's Guide.

These are called class options.

You must be root to do this.

Shell Prompts in Command Examples

The following table shows the default system prompt and superuser prompt for the C shell, Bourne shell, and Korn shell.

Table P–2 Shell Prompts



 C shell promptmachine_name%
 C shell superuser promptmachine_name#
 Bourne shell and Korn shell prompt$
 Bourne shell and Korn shell superuser prompt#