GSS-API (Generic Security Services Application Program Interface)


GSS-API is a protocol and API for establishing an authenticated channel between two endpoints. It does not provide the authentication mechanism itself, instead providing the means by which the underlying mechanism can be negotiated. At the time of writing the most commonly used mechanism was Kerberos 5, but others such as NTLM or SPKM are possible.

Network protocols that can use GSS-API for authentication include HTTP, SSH, IMAP, NFSv4 and LDAP. Be aware that some protocols provide a choice between using GSS-API or using Kerberos directly. SASL is sometimes used as a second intermediate layer.


See also

Further reading