This chapter describes the C language bindings for the routines
that make up the Generic Security Services Application Programming
The GSSAPI provides security services to its callers, and
is intended for implementation atop alternative underlying cryptographic
mechanisms. In this manual, the underlying cryptographic mechanism
is assumed to be Kerberos.
The GSSAPI allows a communicating application to authenticate
the user associated with another application, to delegate rights
to another application, and to apply security services such as confidentiality and
integrity on a per-message basis.
There are four stages to using the GSSAPI:
acquires a set of credentials with which it can prove its identity
to other processes.
A pair of communicating applications
establish a joint security context using their credentials. The security
context is a pair of GSSAPI data structures that contain shared
Per-message services are
invoked to apply either integrity and data origin authentication,
or confidentiality, integrity, and data authentication to application
At the completion of a communications
session, the peer applications call GSSAPI routines to delete the security
Routines described in this chapter are implemented in the
Generic Security Service library (GSS$RTL.EXE for 64-bit
interfaces, or GSS$RTL32.EXE for 32-bit
interfaces) in SYS$LIBRARY.