Although the GSS-API makes protecting data simple, it does not do certain things, in order to maximize its generic nature. These include:
Provide security credentials for a user or application. These must be provided by the underlying security mechanism(s). The GSS-API does allow applications to acquire credentials, either automatically or explicitly.
Transfer data between applications. It is the application's responsibility to handle the transfer of all data between peers, whether it is security-related or “plain” data.
Distinguish between different types of transmitted data (for example, to know or determine that a data packet is plain data and not GSS–API related).
Indicate status due to remote (asynchronous) errors.
Automatically protect information sent between processes of a multiprocess program.
Allocate string buffers to be passed to GSS-API functions. See Strings and Similar Data.
Deallocate GSS-API data spaces. These must be explicitly deallocated with functions such as gss_release_buffer() and gss_delete_name().