Crate gss_api

§RustCrypto: GSS-API

Pure Rust implementation of the Generic Security Service Application Program Interface (RFC1509, RFC2478, RFC4178, MS-SPNG).

§About

The Generic Security Service Application Program Interface (abbreviated GSS-API or GSSAPI) enables programs to access system security services. One of the foremost security protocols used in conjunction with GSS-API is Kerberos.

GSS-API is an IETF standard designed to address the problem of many incompatible security services which provide similar functionality. By itself, GSS-API does not provide any security; instead, it provides a common API implemented by security-service vendors, usually in the form of libraries installed with their security software.

These libraries implement the GSS-API which can be called from application-level code, allowing the security implementation to be replaced without application-level changes.

GSS-API applications exchange opaque messages, i.e. tokens, which hide the security implementation detail from the higher-level application. The client and server sides of the application are written to convey the tokens given to them by their respective GSS-API implementations. GSS-API tokens can usually travel over an insecure network as the mechanisms provide inherent message security.

After the exchange of some number of tokens, the GSS-API implementations at both ends inform their local application that a security context is established. Once a security context is established, sensitive application messages can be wrapped (i.e. encrypted) by the GSS-API for secure communication between client and server.

Typical protections guaranteed by GSS-API wrapping include confidentiality (secrecy) and integrity (authenticity). GSS-API can also provide local guarantees about the identity of the remote user or remote host.

§Minimum Supported Rust Version

This crate requires Rust 1.65 at a minimum.

We may change the MSRV in the future, but it will be accompanied by a minor version bump.

§License

Licensed under either of the Apache License, Version 2.0, or the MIT license, at your option.

§Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Modules§

negotiation
Negotiation-related types

Structs§

InitialContextToken
InitialContextToken as defined in RFC 1508 Appendix B.

Type Aliases§

MechType
The MechType type is defined in RFC 1508 Appendix B.
PerMsgToken
The PerMsgToken type is defined in RFC 1508 Appendix B.
SealedMessage
The SealedMessage type is defined in RFC 1508 Appendix B.
SubsequentContextToken
The SubsequentContextToken type is defined in RFC 1508 Appendix B.
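
RFC 1508 Appendix B frames the first token of a context exchange as `[APPLICATION 0] IMPLICIT SEQUENCE { thisMech MechType, innerContextToken ANY DEFINED BY thisMech }`, with `MechType` an OBJECT IDENTIFIER. The following added example (not code from this crate, and not using its API) splits such a token with bounds-checked, std-only DER parsing; `parse_initial_context_token`, `TokenError` and `SAMPLE` are hypothetical names, and the sample bytes are constructed.

```rust
// Added example, not gss-api crate code: hand-rolled DER parsing using std only.
#[derive(Debug, PartialEq)]
pub enum TokenError { Truncated, BadTag(u8), BadLength, BadOid }
// Constructed sample: Kerberos 5 mechanism OID 1.2.840.113554.1.2.2 + 4 placeholder bytes.
pub const SAMPLE: [u8; 17] = [0x60, 0x0f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
    0x12, 0x01, 0x02, 0x02, 0x01, 0x00, 0xde, 0xad];
// Read one DER TLV with the expected tag; return (value, remaining input).
fn read_tlv(input: &[u8], tag: u8) -> Result<(&[u8], &[u8]), TokenError> {
    let (&t, rest) = input.split_first().ok_or(TokenError::Truncated)?;
    if t != tag { return Err(TokenError::BadTag(t)); }
    let (&first, rest) = rest.split_first().ok_or(TokenError::Truncated)?;
    let (len, rest) = if first < 0x80 { (first as usize, rest) } else {
        // Long form: reject indefinite (0x80), oversized and non-minimal lengths.
        let n = (first & 0x7f) as usize;
        if n == 0 || n > 4 { return Err(TokenError::BadLength); }
        if rest.len() < n { return Err(TokenError::Truncated); }
        let (len_bytes, rest) = rest.split_at(n);
        let len = len_bytes.iter().fold(0usize, |acc, &b| (acc << 8) | b as usize);
        if len < 0x80 || len_bytes[0] == 0 { return Err(TokenError::BadLength); }
        (len, rest)
    };
    if rest.len() < len { return Err(TokenError::Truncated); }
    Ok(rest.split_at(len))
}
// Decode DER OBJECT IDENTIFIER contents into dotted-decimal form.
fn oid_to_string(der: &[u8]) -> Result<String, TokenError> {
    let (mut arcs, mut acc) = (Vec::<u64>::new(), 0u64);
    for &b in der {
        if acc > (u64::MAX >> 7) { return Err(TokenError::BadOid); } // arc would overflow
        acc = (acc << 7) | (b & 0x7f) as u64;
        if b & 0x80 != 0 { continue; } // more octets follow for this arc
        if arcs.is_empty() {
            let first = if acc < 80 { acc / 40 } else { 2 }; // first octet packs two arcs
            arcs.push(first); arcs.push(acc - first * 40);
        } else { arcs.push(acc); }
        acc = 0;
    }
    // Reject an empty OID or a final octet that still has the continuation bit set.
    if arcs.is_empty() || der.last().map_or(true, |b| b & 0x80 != 0) { return Err(TokenError::BadOid); }
    Ok(arcs.iter().map(|a| a.to_string()).collect::<Vec<_>>().join("."))
}
// Split an InitialContextToken into (thisMech as dotted OID, innerContextToken).
pub fn parse_initial_context_token(token: &[u8]) -> Result<(String, &[u8]), TokenError> {
    let (body, trailing) = read_tlv(token, 0x60)?; // [APPLICATION 0], constructed
    if !trailing.is_empty() { return Err(TokenError::BadLength); } // bytes after the token
    let (oid, inner) = read_tlv(body, 0x06)?; // thisMech: OBJECT IDENTIFIER
    Ok((oid_to_string(oid)?, inner))
}
fn main() { println!("{:?}", parse_initial_context_token(&SAMPLE)); }
```

The inner token is returned unparsed because its format is defined by the mechanism named in `thisMech`.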