Overview#

The Generic Security Service Application Program Interface (GSSAPI, also GSS-API) is an application programming interface for programs to access security services.

The GSSAPI is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

The GSSAPI SASL Mechanisms mechanism provides a way for clients to authentication to a LDAP Directory Server using a Kerberos V5 session. Kerberos is a protocol that is commonly used for single sign-on purposes, and provides the option of using integrity and/or confidentiality to protect the communication between the client and the server.

The GSSAPI SASL Mechanism is described in RFCs 2743, RFC 2744 and RFC 4752, and a description of the exchange between the client and the server (as well as with the Kerberos KDC) are beyond the scope of this discussion.

Relationship to Kerberos[1]#

The dominant GSSAPI mechanism implementation in use is Kerberos.

Unlike the GSSAPI, the Kerberos API has not been standardized and various existing implementations may use incompatible APIs. The GSSAPI allows Kerberos implementations to be API compatible.

Configuring GSSAPI With Edirectory#

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-13) was last changed on 29-Jul-2013 14:26 by jim