GSS-API (Generic Security Services Application Program Interface)
Description
GSS-API is a protocol and API for establishing an authenticated channel between two endpoints. It does not provide the authentication mechanism itself, instead providing the means by which the underlying mechanism can be negotiated. At the time of writing the most commonly used mechanism was Kerberos 5, but others such as NTLM or SPKM are possible.
Network protocols that can use GSS-API for authentication include HTTP, SSH, IMAP, NFSv4 and LDAP. Be aware that some protocols provide a choice between using GSS-API or using Kerberos directly. SASL is sometimes used as a second intermediate layer.
microHOWTOs
- Configure Apache to use Kerberos authentication
- Configure Chromium to authenticate using SPNEGO and Kerberos
- Configure Firefox to authenticate using SPNEGO and Kerberos
See also
Further reading
- J Linn, Generic Security Service Application Program Interface, Version 2, Update 1, RFC 2078, IETF, January 2000