GNU Generic Security Service Library (GSSLib)

Table of Contents

• Introduction
• Status
• News
• Support
• Downloading
• Development

Introduction

This page contain information about Generic Security Service (GSS), a free implementation of RFC 2743/2744.

If you do not know what GSS is, I suggest using the following resources.

• GSSAPIv2u1 specification (RFC 2743)
• GSSAPIv2u1 C bindings (RFC 2744)
• Sun's GSS-API Programming Guide

GSS itself is licensed under GPL, and the manual is licensed under FDL.

Documentation and Status

Refer to the GSS Manual web page for links to the manual in all formats; however, quick links to the most popular formats:

• Online HTML manual
• PDF manual
• API reference in HTML

GSS has received very little real-world testing and should be considered alpha quality.

The source code framework is in place, an outline of the documentation is ready, and there are some simple self tests. The Kerberos 5 mechanism (RFC 1964) supports mutual authentication and the standard DES cipher. The non-standard 3DES cipher is also implemented, but unfortunately there are no specifications for AES. GNU SASL can use GSS to connect to GNU Mailutils and Cyrus IMAP servers that use the GSS implementations from MIT Kerberos or Heimdal. GNU MailUtils can also use GSS to serve GSSAPI clients. A SSH client and server with GSS authentication is provided by LSH with some patches.

GSS is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

GSS uses Shishi to implement the Kerberos V5 mechanism.

Projects using GSS include:

• GNU SASL.
• GNU Mailutils.
• Curl.
• Fetchmail.

News

2004-01-22

New releases are no longer announced here. Instead, read help-gss or check the release directory from time to time. By the way, GSS 0.0.10 was just released.

2004-01-15

Version 0.0.9 released, several new features, API documentation using GTK-DOC.

2004-01-11

Version 0.0.8 released, various bug fixes and major documentation revamp.

2004-01-01

Savannah had problems last month, and still isn't operating fully. CVS has been moved to a private machine, a read-only mirror of it will hopefully be available via Savannah in the future.

2003-11-26

Version 0.0.7 released, fixes a problem prohibiting 3DES gss_wrap from working.

2003-09-22

Version 0.0.6 released, accompanies Shishi 0.0.7.

2003-09-16

GSSLib can be used by OpenSSH in client mode to support Kerberos 5 via Shishi, see my page for the OpenSSH GSSLib patch.

2003-08-31

Version 0.0.5 released, accompanies Shishi 0.0.4.

2003-08-10

Version 0.0.4 released, contains Kerberos 5 improvements and accompanies Shishi 0.0.1.

2003-06-30

Added a page with information about SSH authentication using this library.

2003-06-28

Version 0.0.2 contains limited server mode support. GNU Mailutils can use GSS for its native GSSAPI authentication in server mode (with this patch), which then interoperate with (at least) the GNU SASL command line client using GSS.

2003-06-02

Initial release.

Support

A mailing list where GSS users may help each other exists, and you can reach it by sending e-mail to help-gss@gnu.org. Archives of the mailing list discussions, and an interface to manage subscriptions, is available through the World Wide Web at http://lists.gnu.org/mailman/listinfo/help-gss.

If you are interested in paid support of GSS, or sponsor the development, please contact me. If you provide paid services for GSS, and would like to be mentioned here, also contact me.

If you find GSS useful, please consider making a donation. No amount is too small!

Downloading

The releases are distributed from ftp://alpha.gnu.org/gnu/gss/ and http://josefsson.org/gss/releases/.

All official releases are signed with an OpenPGP key with fingerprint 0xB565716F.

Development

GSS is developed in CVS on a private machine. At irregular intervals, it is synchronized against a publicly available machine (just press enter at the password prompt):

$ cvs -d :pserver:anoncvs@yxa.extundo.com:/home/cvs/public-cvs login
Logging in to :pserver:anoncvs@yxa.extundo.com:2401/home/cvs/public-cvs
CVS password:
$ cvs -d :pserver:anoncvs@yxa.extundo.com:/home/cvs/public-cvs co gss

See the file README-alpha on how to bootstrap and build the package from CVS.

The online CVS repository is available, and there is also some CVS statistics.

A log of recent CVS activity is also available. If you prefer a mailing list, notifications of each CVS change is also sent to gss-commit@gnu.org.

If you have trouble using CVS, you may download a daily snapshot. The snapshots are prepared similar to regular releases, i.e., you simply build them using ./configure && make. There are also daily Debian packages built from the daily snapshot source code.

Before each release, the package is built on many platforms. The latest results from the autobuilder are available online.

Return to GNU's home page.

Please send FSF & GNU inquiries & questions to gnu@gnu.org. There are also other ways to contact the FSF.

Please send comments on these web pages to webmasters@gnu.org, send other questions to gnu@gnu.org.

Copyright (C) 2001, 2003 Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA

Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.

Updated: $Date: 2006/04/25 15:37:30 $ $Author: jas $