MIT vs Heimdal comparison with respect to GSSAPI library

Jaideep Padhye jdthebigj at
Thu Jan 6 14:50:02 EST 2011

Hi experts,

This is my first post to this mailing list. Please direct me to the correct 
mailer if this one is not appropriate for such questions. I need to use a 
DCE-STYLE GSS client and server in my code and I was looking for specific data 
points to make a right decision. I think this question has been asked many times 
before and the last instance I found online is from 2008. Since it's been three 
years and lot of changes have taken place in both implementations, I was looking 
at the current status and future roadmap.

Following are the specific things I was looking out for
1] Comparison with respect to thread safety, performance (memory, speed etc.) 
2] Support for Header signing with all encryption types. I tried using Heimdal 
recently but their *_iov  functions are not feature complete yet and only 
support the AES cipher. Does MIT support all ciphers?
3] Which one is better for an event driven programming model. I would not like 
my thread to block until the gssapi finishes its communication with KDC. I would 
like my code to take care of the IO.
4] 64 bit support for Linux
5] Compliance with Microsoft implementations (all versions of Windows after 

Any other comments apart from the ones listed above will also help. 

I have already read the notes from Samba team which has provided me some 
insight. But the notes seem to be written about 2 years ago.




More information about the krbdev mailing list