Shishi is a (still incomplete) implementation of the Kerberos 5
network authentication system. Shishi can be used to authenticate
users in distributed systems.
Shishi contains a library ('libshishi') that can be used by
application developers to add support for Kerberos 5. Shishi
contains a command line utility ('shishi') that is used by users to
acquire and manage tickets (and more). The server side, a Key
Distribution Center, is implemented by 'shishid', and support X.509
authenticated TLS via GnuTLS. Of course, a manual documenting usage
aspects as well as the programming API is included.
Shishi currently supports AS/TGS exchanges for acquiring
tickets, the AP exchange for performing client and server
authentication, and SAFE/PRIV for integrity/privacy protected
application data exchanges.
Shishi is developed for the GNU/Linux system, but runs on over
20 platforms including most major Unix platforms and Windows, and
many kind of devices including iPAQ handhelds and S/390
Shishi is free software licensed under the GNU General Public
High-level AP interface now support setting raw checksum field
values. This is needed for certain applications that, like GSS-API,
put non-standard data in the checksum field of the Authenticator in
Various minor bugfixes.
GNU Generic Security Service Library (GSSLib) 0.0.9 alpha
GSS is an implementation of the Generic Security Service
Application Program Interface (GSS-API). GSS-API is used by network
servers to provide security services, e.g., to authenticate
SMTP/IMAP clients against SMTP/IMAP servers. GSS consists of a
library, a manual, and a command line tool for debugging
While written to be flexible with regards to different GSS
mechanisms, the only currently supported mechanism is Kerberos 5
via GNU Shishi.
Noteworthy changes (since 0.0.9, last version announced
Changes in 0.0.11 (released 2004-04-18)
Minor cleanups to the core header file. Using xom.h is no
longer supported (the file doesn't exist on modern systems).
Kerberos 5 sequence number handling fixed. First,
gss_init_sec_context set the sequence numbers correctly, before the
incorrect sequence numbers prevented gss_(un)wrap from working
correctly. Secondly, gss_unwrap now check the sequence numbers
correctly. This was prompted by the addition of randomized sequence
numbers by default in Shishi 0.0.15.
The compatibility files in gl/ where synced with Gnulib.
Various bugfixes and cleanups.
Polish translation added, by Jakub Bogusz.
Changes in 0.0.10 (released 2004-01-22)
A command line tool "gss" added in src/. The tool can be used
to split up an GSS-API error code into the calling error, the
routine error and the supplementary info bits, and to print text
describing the error condition.
gss_display_status can return multiple description texts (using