I can't seem to find an example anywhere of how to use GNU's SASL with the gssapi mechanism. I've tried starting it up like this (just guessing how the thing works):
gsasl_init(&ctx);
gsasl_client_start(ctx, "GSSAPI", &session);
But I get a GSASL_UNKNOWN_MECHANISM error from gsasl_client_start. Does anyone know how to use gsasl? Could someone point me to a tutorial?
This is clearly due to the library not being built with GSSAPI support; looking at the source (`libgasl-1.8.1'), the only place that can return this is:
// src/xstart.c
static int
setup (Gsasl * ctx,
const char *mech,
Gsasl_session * sctx,
size_t n_mechs, Gsasl_mechanism * mechs, int clientp)
{
Gsasl_mechanism *mechptr = NULL;
int res;
mechptr = find_mechanism (mech, n_mechs, mechs);
if (mechptr == NULL)
return GSASL_UNKNOWN_MECHANISM;
So this means it's not a case of the library supporting it but it can't find resources on the computer that back it up (kerberos, for instance).
When I attempted to compile this on my own system, configure did not enable GSSAPI because it couldn't find something important:
...
checking if DIGEST-MD5 should be used... yes
checking if SCRAM-SHA-1 should be used... yes
checking if SAML20 should be used... yes
checking if OPENID20 should be used... yes
configure: checking for GSS implementation (yes)
configure: auto-detecting GSS/MIT/Heimdal
configure: use --with-gssapi-impl=IMPL to hard code
configure: where IMPL is `gss', `mit', or `heimdal'
checking for libgss... no
configure: WARNING: GNU GSS not found (see http://www.gnu.org/software/gss/)...
configure: WARNING: Auto-detecting MIT/Heimdal is unreliable, disabling GSSAPI
checking if KERBEROS_V5 should be used... no
...
so either some underlying package is missing, you need to fetch a related but differently named package (that includes this support), or you need to build it yourself with options that enable what you want.