# libgssapi A safe MIT licensed binding to gssapi see [rfc2744](https://tools.ietf.org/html/rfc2744.html) for more info gssapi is a huge and complex beast that is also very old (like [Computer Chronicles](https://youtu.be/wpXnqBfgvPM?list=PLR6RS8PTcoXT4g8SgQEww7QMe8Vtv5LKe) old). So while this library might work for lots of mechanisms it has only been tested (so far) with Kerberos 5 using the MIT and Apple implementations. For a simpler cross platform interface to Kerberos 5 see [cross-krb5](https://crates.io/crates/cross-krb5). ### Example KRB5 Mutual Authentication Between Client and Server ```rust use libgssapi::{ name::Name, credential::{Cred, CredUsage}, error::Error, context::{CtxFlags, ClientCtx, ServerCtx, SecurityContext}, util::Buf, oid::{OidSet, GSS_NT_HOSTBASED_SERVICE, GSS_MECH_KRB5}, }; fn setup_server_ctx( service_name: &[u8], desired_mechs: &OidSet ) -> Result<(ServerCtx, Name), Error> { let name = Name::new(service_name, Some(&GSS_NT_HOSTBASED_SERVICE))?; let cname = name.canonicalize(Some(&GSS_MECH_KRB5))?; let server_cred = Cred::acquire( Some(&cname), None, CredUsage::Accept, Some(desired_mechs) )?; Ok((ServerCtx::new(&server_cred), cname)) } fn run(service_name: &[u8]) -> Result<(), Error> { let desired_mechs = { let mut s = OidSet::new()?; s.add(&GSS_MECH_KRB5)?; s }; let (server_ctx, cname) = setup_server_ctx(service_name, &desired_mechs)?; let client_cred = Cred::acquire( None, None, CredUsage::Initiate, Some(&desired_mechs) )?; let client_ctx = ClientCtx::new( &client_cred, service_name, CtxFlags::GSS_C_MUTUAL_FLAG, Some(&GSS_MECH_KRB5) )) let mut server_tok: Option = None; loop { match client_ctx.step(server_tok.as_ref().map(|b| &**b))? { None => break, Some(client_tok) => match server_ctx.step(&*client_tok)? { None => break, Some(tok) => { server_tok = Some(tok); } } } } let secret_msg = client_ctx.wrap(true, b"super secret message")?; let decoded_msg = server_ctx.unwrap(&*secret_msg)?; Ok(()) } ```