Question

I thought I wanted to use GSS-API, but now am not so sure, since I'm having a hard time finding good sample code for a trivial client/server pair. Sun has documentation including sample code, but it's written specifically for their GSS API implementation, using a few proprietary functions not in e.g. the GNU GSS-API (and for which it's not immediately clear to me how to re-implement them against the GNU implementation). Plus, it's written in pre-ANSI C, with K&R function declarations and so on (I had no problem converting the declarations, but it did make me think the Sun example code may be so old as to be irrelevant).

Have you used the GSS-API in an application in, say, the last decade? Do you know of some self-contained tutorial with example programs that's worth reading?

Alternatively, maybe I'm on the wrong track and should try SASL instead. The GNU GSS-API author himself suggests as much.

For what it's worth, I'm using GCC on Linux, and have Kerberos set up already for other purposes.


Solution

Yes, you should absolutely be using SASL instead of GSSAPI. It is a much better supported protocol, and the libraries are pretty good. At the very least, you can think of it as a sanity-improving wrapper over GSSAPI, since that is one of the typical plugins implemented for SASL. The only reason you should consider using GSSAPI directly is to implement a SASL library. But don't do that. :)

SASL also has wide use. It is specified as part of IMAP and XMPP.

Are you implementing some custom protocol over TCP?

OTHER TIPS

Sun uses the GSSAPI in their Java code. You can find a bit more information about it here:

Equivalent of 'gss_import_name' and 'gss_init_sec_context' methods in java?

Also, you may want to look at the code implementation done by the folks at OpenJDK:

http://www.docjar.org/docs/api/sun/security/jgss/GSSContextImpl.html

They have published a full working example of GSSAPI written in Java.

Grant

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow