GNU Generic Security Service - Libgss
This page contain information about Generic Security Service (GSS),
a free implementation of RFC 2743/2744.
If you do not know what GSS is, I suggest to read the following
GSS itself is licensed under GPLv3+, and the manual is licensed under
Refer to the GSS Manual web page for links to
the manual in all formats; however, quick links to the most popular
GSS has received some real-world testing and should be
considered beta quality.
The source code framework is in place, an outline of the
documentation is ready, and there are some simple self tests. The
Kerberos 5 mechanism (RFC 1964 and RFC 4121) supports mutual
authentication, channel bindings and the standard DES cipher. The
non-standard 3DES cipher is also implemented, but unfortunately
there are no specifications for AES. GNU
SASL can use GSS to connect to GNU
Mailutils and Cyrus IMAP servers
that use the GSS implementations from MIT Kerberos or Heimdal. GNU MailUtils
can also use GSS to serve GSSAPI clients. A SSH client and server
with GSS authentication is provided by LSH
with some patches.
GSS is developed for the GNU/Linux system, but runs on over 20
platforms including most major Unix platforms and Windows, and many
kind of devices including iPAQ handhelds and S/390 mainframes.
GSS uses GNU Shishi to implement the
Kerberos V5 mechanism.
Projects using GSS include:
Version 1.0.2 released
Version 1.0.1 released
Version 1.0.0 takes GNU GSS out of alpha testing.
0.1.3 adds support for Kerberos V5 channel bindings, paving the
road for GS2-KRB5 support in
Version 0.0.22 released under the GPLv3.
- 2004-01-22: New releases are no longer announced here. Instead,
help-gss or check the release directory from time to time. By
the way, GSS 0.0.10
was just released.
- 2004-01-15: Version 0.0.9 released, several new features, API
documentation using GTK-DOC.
- 2004-01-11: Version 0.0.8 released, various bug fixes and major
- 2004-01-01: Savannah had problems last month, and still isn't
operating fully. CVS has been moved to a private machine, a
read-only mirror of it will hopefully be available via Savannah in
- 2003-11-26: Version 0.0.7 released, fixes a problem prohibiting
3DES gss_wrap from working.
- 2003-09-22: Version 0.0.6 released,
accompanies Shishi 0.0.7.
- 2003-09-16: GSSLib can be used by OpenSSH in client mode to
support Kerberos 5 via Shishi, see my page for
the OpenSSH GSSLib patch.
- 2003-08-31: Version 0.0.5 released,
accompanies Shishi 0.0.4.
- 2003-08-10: Version 0.0.4 released, contains Kerberos 5
improvements and accompanies Shishi
- 2003-06-30: Added a page with information
about SSH authentication using this library.
- 2003-06-28: Version 0.0.2 contains limited server mode support.
GNU Mailutils can use GSS for its
native GSSAPI authentication in server mode (with
this patch), which then interoperate with (at least) the GNU SASL
command line client using GSS.
- 2003-06-02: Initial release.
A mailing list where GSS users may help each other exists, and you
can reach it by sending e-mail
to firstname.lastname@example.org. Archives
of the mailing list discussions, and an interface to manage
subscriptions, is available through the World Wide Web at
If you are interested in paid support of GSS, or sponsor the
development, please contact
me. If you provide paid services for GSS, and would like to be
mentioned here, also contact
If you find GSS useful, please consider making a donation. No
amount is too small!
The releases are distributed from
All official releases are signed with an OpenPGP key with fingerprint B565716F or
There is a Savannah
GSS project page. You
can check out
the sources by using git as
git clone git://git.savannah.gnu.org/gss.git
git interface is available.
on how to bootstrap and build the package from version controlled
For every release, we publish
cyclomatic code complexity charts for the package. There is
also self-test code coverage charts