Announcement: Android Kerberos Port with CyaSSL Embedded SSL

Chris Conlon conlon at
Tue Nov 15 16:10:16 EST 2011


yaSSL would like to announce the availability of the MIT Kerberos libraries on Android and get feedback from the krbdev mailing list on the project.

yaSSL has taken the first steps in bringing Kerberos to the Android platform.  The native MIT Kerberos libraries have been cross-compiled for Android and are now able to be used natively with the Android NDK.  yaSSL has added the CyaSSL embedded SSL library's cryptography library (CTaoCrypt) as a crypto implementation for Kerberos, allowing embedded projects to use CyaSSL's lightweight and fully functional crypto backend on Android.

In addition to the cross-compiled MIT Kerberos libraries, yaSSL has created a sample Android NDK application wrapping the functionality of kinit, klist, kvno, and kdestroy with a simple GUI front-end.  We hope this application provides a starting place for application developers interested in using Kerberos on Android.

The MIT Kerberos libraries and sample application are distributed under the MIT license (using CyaSSL's FLOSS exception) and the code will be in the MIT Kerberos code repository in the near future.  Until it has been merged into the MIT repositories, you can find the sample application on GitHub at the following URL.  The sample application includes cross-compiled Kerberos and CyaSSL libraries.  Instructions on cross compiling MIT Kerberos yourself will be released in the near future.

Our next step is to work on adding Java bindings for the native Kerberos GSS-API library on Android.  As we have looked into several methods of accomplishing this, we would like to hear what the community would like to see in the Java bindings.  Also, we would like to explore if there are any existing solutions which could be of use.  The options we have looked at thus far include:

- Porting over an existing org.ietf.jgss Java package to Android and tying that into the native GSS-API library through JNI.
- Using SWIG to generate Java wrappers to the native GSS-API.

Are you interested in using Kerberos on Android?  What do you think the best path would be for adding Java bindings?  Do you have any suggestions about the direction of the project so far?  If so, please let us know your thoughts at info at


Team yaSSL
info at

More information about the krbdev mailing list