Although GSS-API makes protecting data simple, GSS-API avoids some tasks that would not be consistent with GSS-API's generic nature. Accordingly, GSS-API does not perform the following activities:
Provide security credentials for users or applications. Credentials must be provided by the underlying security mechanisms. GSS-API does allow applications to acquire credentials, either automatically or explicitly.
Transfer data between applications. The application has the responsibility for handling the transfer of all data between peers, whether the data is security-related or plain data.
Distinguish between different types of transmitted data. For example, GSS-API does not know whether a data packet is plain data or encrypted.
Indicate status due to asynchronous errors.
Protect by default information that has been sent between processes of a multiprocess program.
Allocate string buffers to be passed to GSS-API functions. See Strings and Similar Data in GSS-API.
Deallocate GSS-API data spaces. This memory must be explicitly deallocated with functions such as gss_release_buffer() and gss_delete_name().