Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Introduction to the Kerberos Products and GSS-API
Generic Security Service Application Programming Interface (GSS-API)
Chapter 262
With an Open System architecture, GSS-API provides portability in a
heterogeneous environment. It contains all the GSS-APIs specified in
RFC 2743. It is implemented as a package of C-language interfaces as
defined in RFC 2744, "Generic Security Service API: C-bindings." The
Kerberos Version 5 GSS-API Mechanism is explained in RFC 1964.
GSS-API provides secure communication between two peers with a
security context established by an exchange of tokens. As shown in
Figure 2-5, “GSS-API Operation,” GSS-API is independent of
communication protocols. The GSS-API libraries on the two hosts are
responsible for creating and processing the tokens, but the application is
responsible for transporting the tokens between the client and the
server.
Figure 2-5 GSS-API
Operation
It is the GSS-API caller’s responsibility to transfer GSS-API-provided
data element to the peer end to parse communicated messages, and to
separate GSS-API related data elements from caller-provided data.
GSS-API provides either context level tokens or per-message tokens for
the caller to transport and get the results.
GSS-API filesets are listed in the following two tables:
Application Application
GSS-API Transport Transport GSS-API
Mech-1 Mech-2 Mech-1 Mech-2