Why is such a function useful? Consider the case where a server has received a name from a client and wants to look up that name in an Access Control List. (An Access Control List, or ACL, is a list of principals with particular access persmissions.) One way to do this would be as follows:
Import the client name into GSS-API internal format with gss_import_name(), if it hasn't already been imported.
In some cases, the server will receive a name in internal format, so this step will not be necessary — in particular, if the server is looking up the client's own name. (During context initiation, the client's own name is passed in internal format.)
Import each name in the ACL with gss_import_name().
That procedure is fine if you only need to compare the client's name with a few names. However, it is a very slow way to check a large list! Running gss_import_name() and gss_compare_name() for every name in the ACL might require a lot of CPU cycles. This is a better way:
Import the client's name with gss_import_name() (if it hasn't already been imported).
As with the previous method of comparing names, in some cases the server receives a name in internal format and so this step is not necessary.
Use gss_canonicalize_name() to produce an MN of the client's name.
Because gss_export_name() expects a Mechanism Name (MN), you must run gss_canonicalize_name() on the client's name first.
See the gss_canonicalize_name(3GSS), gss_export_name(3GSS), and gss_import_name(3GSS) man pages for more information.