Python GSSAPI Wrapper
The `gssapi` library provides a Python wrapper for the Generic Security Service Application Programming Interface (GSSAPI), enabling applications to perform secure authentication and communication over various security mechanisms like Kerberos. As of version 1.11.1, it's actively maintained with frequent patch releases and minor updates every few months, often improving platform support and build processes.
Warnings
- Gotcha: The `gssapi` library is a Python wrapper for an underlying C GSSAPI library. This external C library (e.g., Kerberos development headers) must be installed on your system separately. `pip install gssapi` only installs the Python binding, not the core GSSAPI implementation.
- Breaking: The minimum required Python version has increased over time. As of version `1.11.1`, Python `3.9+` is required. Older versions like `1.8.1` required `3.7+`.
- Breaking: Release `v1.8.0` was yanked from PyPI due to a critical bug related to its `requires_python` metadata. Release `v1.11.0` was also not properly pushed to PyPI due to a classifier bug and should be avoided.
- Gotcha: Building `gssapi` from source (e.g., if no pre-built wheels are available for your OS/Python version) requires `Cython` to be installed. While `pip` usually handles this for PEP 517 sdist, explicit pre-installation of `Cython` can prevent build failures in some environments.
Install
- `pip install gssapi`
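The warnings above can be turned into a preflight check that runs in CI or at service start. This is an added example, not code from the gssapi project; the function names `preflight` and `installed_version` are hypothetical, and the shared-library names it searches for (MIT Kerberos, then Heimdal) are assumptions.

```python
import ctypes.util
import re
import sys
from importlib import metadata

# Releases this page says to avoid, with the stated reason.
BAD_RELEASES = {"1.8.0": "yanked from PyPI (requires_python metadata bug)",
                "1.11.0": "not properly pushed to PyPI (classifier bug)"}
# Python floors from this page, newest first; in-between releases get the older one.
MIN_PYTHON = [((1, 11, 1), (3, 9)), ((1, 8, 1), (3, 7))]
# Assumed library names: MIT Kerberos (libgssapi_krb5), Heimdal (libgssapi).
C_LIB_CANDIDATES = ("gssapi_krb5", "gssapi")


def _parse(version):
    """'1.11.1' -> (1, 11, 1); anything past the third number is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:3])


def installed_version():
    try:
        return metadata.version("gssapi")
    except metadata.PackageNotFoundError:
        return None  # binding not installed


def preflight(pkg_version, python=sys.version_info[:2],
              find_library=ctypes.util.find_library):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if pkg_version is None:
        problems.append("gssapi binding is not installed")
    elif pkg_version in BAD_RELEASES:
        problems.append(f"gssapi {pkg_version}: {BAD_RELEASES[pkg_version]}")
    else:
        for release, floor in MIN_PYTHON:
            if _parse(pkg_version) >= release:
                if tuple(python) < floor:
                    problems.append(f"gssapi {pkg_version} needs Python "
                                    f"{floor[0]}.{floor[1]}+")
                break
    if not any(find_library(name) for name in C_LIB_CANDIDATES):
        problems.append("no GSSAPI C library found on this system")
    return problems


if __name__ == "__main__":
    issues = preflight(installed_version())
    sys.exit("\n".join(issues) if issues else 0)
```

The `python` and `find_library` parameters exist so the check can be exercised against a pinned version from a lock file without touching the host.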
Imports
- gssapi: `import gssapi`
- Name: `from gssapi import Name`
- SecurityContext: `from gssapi import SecurityContext`
- NameType (name-type constants such as `NameType.kerberos_principal` and `NameType.hostbased_service`): `from gssapi import NameType`
Quickstart
```python
try:
    import gssapi
except ImportError:
    raise SystemExit("ERROR: 'gssapi' library not found. "
                     "Please install it using 'pip install gssapi'.")

# GSSAPI operations rely on an underlying C GSSAPI library
# (e.g., Kerberos) being installed on the system.
# Operations raise GSSError if the underlying library rejects the request.
try:
    # Example 1: Create a Kerberos principal name
    user_principal = "username@REALM.EXAMPLE.COM"
    name_user = gssapi.Name(user_principal, gssapi.NameType.kerberos_principal)
    # str() on a Name returns its display form
    print(f"Created user principal name: {name_user}")

    # Example 2: Create a host-based service name.
    # This name type takes the "service@hostname" form, not "service/host@REALM".
    service_principal = "host@hostname.example.com"
    name_service = gssapi.Name(service_principal, gssapi.NameType.hostbased_service)
    print(f"Created service principal name: {name_service}")
except gssapi.exceptions.GSSError as e:
    print("WARNING: GSSAPI operation failed. "
          "Ensure a GSSAPI C library (e.g., Kerberos dev headers) is installed "
          f"and configured on your system. Error: {e}")
```