(also GSS-API, Generic Security Service Application Program Interface)
GSSAPI (Generic Security Services Application Programming Interface) is an application programming interface that allows software to access security services (such as authentication, encryption, integrity checking, and secure messaging). GSSAPI is not tied to any specific vendor or protocol, letting programmers tailor security services to their application’s needs.
GSSAPI offers 45 procedure calls for applications to interact with GSSAPI implementations and perform security-related tasks.
Examples of GSSAPI procedure calls
- gss_acquire_cred(): Allows an application to obtain the necessary credentials (such as a Kerberos ticket) to authenticate or establish a security context with another party.
- gss_init_sec_context(): Takes the client’s security credentials and generates the initial context token to be sent to the server to establish a security context. The server can then use this token to continue establishing the context.
- gss_accept_sec_context(): A procedure call used by the server to accept and process a context token, verifying the client’s credentials, performing authentication checks, and generating the server’s own context token.
- gss_process_context_token(): Used by both the client and the server to process each other’s context tokens.
- gss_wrap(): Wraps (encrypts) application data into a secure message, taking the plaintext data and encapsulating it in a security token.
- gss_unwrap(): Unwraps (decrypts) a security token, extracting the original application data, performing integrity checks, and verifying the message’s authenticity.
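The initial context token that gss_init_sec_context() produces starts with a mechanism-independent header (RFC 2743, section 3.1) that names the security mechanism by its object identifier. The C function below is an added example, not part of the original page or of any GSSAPI implementation: it parses that header so a server-side check or log can record which mechanism a client proposed before the token reaches gss_accept_sec_context(). The name gss_token_mech and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: Kerberos V5 mechanism OID, then dummy inner-token bytes. */
static const unsigned char SAMPLE_KRB5_TOKEN[] = {
    0x60, 0x0f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02,
    0x01, 0x00, 0xaa, 0xbb };

/* Framing: 0x60 | DER length | 0x06 | OID length | mechanism OID | inner token.
 * Writes the dotted OID to out and the inner-token offset to *inner.
 * Returns 0 on success, -1 on malformed or truncated input. */
int gss_token_mech(const unsigned char *t, size_t n, char *out, size_t outsz,
                   size_t *inner) {
    size_t p = 0, len, olen, end, i, o = 0;
    unsigned long v = 0, a;
    int first = 1, w;
    if (n < 2 || t[p++] != 0x60) return -1;      /* [APPLICATION 0] tag */
    len = t[p++];
    if (len & 0x80) {                            /* long-form length */
        size_t k = len & 0x7f;
        if (k == 0 || k > 4 || k > n - p) return -1;
        for (len = 0; k > 0; k--) len = (len << 8) | t[p++];
    }
    if (len != n - p) return -1;     /* this example requires an exact fit */
    if (n - p < 2 || t[p++] != 0x06) return -1;  /* OBJECT IDENTIFIER tag */
    olen = t[p++];
    if (olen == 0 || olen >= 0x80 || olen > n - p) return -1;
    end = p + olen;
    if (t[end - 1] & 0x80) return -1;            /* final arc is cut off */
    for (i = p; i < end; i++) {
        if (v > (0xFFFFFFFFUL >> 7)) return -1;  /* arc too large to decode */
        v = (v << 7) | (t[i] & 0x7f);
        if (t[i] & 0x80) continue;               /* arc continues in next byte */
        a = v < 80 ? v / 40 : 2;                 /* first value packs two arcs */
        w = first ? snprintf(out + o, outsz - o, "%lu.%lu", a, v - 40 * a)
                  : snprintf(out + o, outsz - o, ".%lu", v);
        if (w < 0 || (size_t)w >= outsz - o) return -1;
        o += (size_t)w; first = 0; v = 0;
    }
    *inner = end;
    return 0;
}

int main(void) {
    char oid[64];
    size_t off;
    if (gss_token_mech(SAMPLE_KRB5_TOKEN, sizeof SAMPLE_KRB5_TOKEN, oid, sizeof oid, &off) == 0)
        printf("mechanism %s, inner token at offset %zu\n", oid, off);
    return 0;
}
```

The parser does not enforce minimal-length DER encoding and does not interpret the inner token, which is mechanism-specific.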