Overview#The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services.
The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today.
The GSSAPI SASL Mechanisms mechanism provides a way for clients to authentication to a LDAP Directory Server using a Kerberos V5 session. Kerberos is a protocol that is commonly used for single sign-on purposes, and provides the option of using integrity and/or confidentiality to protect the communication between the client and the server.
The GSSAPI SASL Mechanism is described in RFCs 2743, RFC 2744 and RFC 4752, and a description of the exchange between the client and the server (as well as with the Kerberos KDC) are beyond the scope of this discussion.Kerberos.
More Information#There might be more information for this subject on one of the following:
- Authentication Method
- Best Practices for LDAP Security
- Glossary Of LDAP And Directory Terminology
- Kerberos Error Codes
- Quality of Protection
- Security Support Provider Interface (SPPI)
- [#1] - http://en.wikipedia.org/wiki/Generic_Security_Services_Application_Program_Interface - based on 2013-04-10