English [en]

GNU Shishi


This page contain information about Shishi, a free implementation of the Kerberos 5 network security system.

If you do not know what Kerberos 5 is, I suggest to read the Kerberos V5 standard. Also see the page with related research papers that may be of interest.

The goals of this project are:

Shishi is licensed under the GPLv3, and the Shishi manual is licensed under the GFDL.

Table of Contents

Documentation and Status

Refer to the Shishi Manual web page for links to the manual in all formats; however, quick links to the most popular formats:

Shishi has received some real-world testing and should be considered stable, although it is still a fairly young implementation. Basic support for acquiring and managing tickets are working, as well as serving requests in a Key Distribution Center daemon. DES, 3DES and AES cipher suites are supported. A PAM module for host security is included, as well as a Shishi port of a rsh/rlogin client.

A telnet client and server with Kerberos authentication is supported via GNU InetUtils. A SSH client and server with Kerberos authentication is supported via GSS and GSS-LSH. A IMAP server with Kerberos authentication (GSSAPI SASL mechanism) is supported via GNU MailUtils. A IMAP command line client with Kerberos authentication (GSSAPI SASL mechanism) is supported via GNU SASL, which also provide authentication (including Kerberos 5 via GSSAPI) via the SASL API for any application.

Shishi is developed for the GNU/Linux system, but runs on over 20 platforms including most major Unix platforms and Windows, and many kind of devices including iPAQ handhelds and S/390 mainframes.

Shishi requires GNU Libtasn1, which is included in the package, so you do not need to install it separately.

Shishi can optionally use GnuTLS (for OpenPGP and X.509 authentication), GNU Libidn (recommended for non-ASCII support), and GNU libgcrypt.


Note that new releases are only mentioned here if they introduce a major feature or is significant in some other way. Read the info-gnu mailing list if you seek more frequent announcements.


A mailing list where Shishi users may help each other exists, and you can reach it by sending e-mail to help-shishi@gnu.org. Archives of the mailing list discussions, and an interface to manage subscriptions, is available through the World Wide Web at http://lists.gnu.org/mailman/listinfo/help-shishi.

If you are interested in paid support of Shishi, or sponsor the development, please contact me. If you provide paid services for Shishi, and would like to be mentioned here, also contact me.

The following organizations provide paid support for Shishi:

If you find GNU Shishi useful, please consider making a donation. No amount is too small!


The stable releases are distributed from ftp://ftp.gnu.org/gnu/shishi/.

All official releases are signed with an OpenPGP key with fingerprint 0xB565716F.


There is a Savannah Shishi project page. You can check out the sources by using git as follows:

$ git clone git://git.savannah.gnu.org/shishi.git

The online git interface is available.

If you have trouble using git, you may download a daily snapshot. The snapshots are prepared similar to regular releases, i.e., you simply build them using ./configure && make.

Build logs from building the package, where you can also contribute a build system for your own platform, are available from the Shishi autobuild page.

See the file README-alpha on how to bootstrap and build the package from version controlled sources.

For every release, we publish cyclomatic code complexity charts for the package. There is also self-test code coverage charts available.


Since Shishi is a library, there isn't much in the way of graphical user interfaces to show. However, the GNOME 2 port of Ticket Applet support Shishi, so we can at least show how it looks.


There is a snapshot release of Ticket Applet available from ftp://alpha.gnu.org/pub/gnu/shishi/ticket-applet-shishi-*.tar.gz.

You can also browse the CVS of the Shishi port of Ticket Applet.


 [FSF logo] “The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.”