libgssapi

A safe MIT licensed binding to gssapi

see rfc2744 for more info

gssapi is a huge and complex beast that is also very old (like Computer Chronicles old). So while this library might work for lots of mechanisms it has only been tested (so far) with Kerberos 5 using the MIT and Apple implementations.

For a simpler cross platform interface to Kerberos 5 see cross-krb5.

Example KRB5 Mutual Authentication Between Client and Server

```rust use libgssapi::{ name::Name, credential::{Cred, CredUsage}, error::Error, context::{CtxFlags, ClientCtx, ServerCtx, SecurityContext}, util::Buf, oid::{OidSet, GSSNTHOSTBASEDSERVICE, GSSMECH_KRB5}, };

fn setupserverctx( servicename: &[u8], desiredmechs: &OidSet ) -> Result<(ServerCtx, Name), Error> { let name = Name::new(servicename, Some(&GSSNTHOSTBASEDSERVICE))?; let cname = name.canonicalize(Some(&GSSMECHKRB5))?; let servercred = Cred::acquire( Some(&cname), None, CredUsage::Accept, Some(desiredmechs) )?; Ok((ServerCtx::new(&server_cred), cname)) }

fn run(servicename: &[u8]) -> Result<(), Error> { let desiredmechs = { let mut s = OidSet::new()?; s.add(&GSSMECHKRB5)?; s }; let (serverctx, cname) = setupserverctx(servicename, &desiredmechs)?; let clientcred = Cred::acquire( None, None, CredUsage::Initiate, Some(&desiredmechs) )?; let clientctx = ClientCtx::new( &clientcred, servicename, CtxFlags::GSSCMUTUALFLAG, Some(&GSSMECHKRB5) )) let mut servertok: Option = None; loop { match clientctx.step(servertok.asref().map(|b| &**b))? { None => break, Some(clienttok) => match serverctx.step(&*clienttok)? { None => break, Some(tok) => { servertok = Some(tok); } } } } let secretmsg = clientctx.wrap(true, b"super secret message")?; let decodedmsg = serverctx.unwrap(&*secretmsg)?; Ok(()) } ```