Skip to main content

Python GSSAPI Wrapper

Project description

Python-GSSAPI provides both low-level and high level wrappers around the GSSAPI C libraries. While it focuses on the Kerberos mechanism, it should also be useable with other GSSAPI mechanisms.

Documentation can be found at



  • A working implementation of GSSAPI (such as from MIT Kerberos) which supports delegation and includes header files

  • a C compiler (such as GCC)

  • Python 3.7+ (older releases support older versions, but are unsupported)

  • the decorator python package

Compiling from Scratch

To compile from scratch, you will need Cython >= 0.29.29 which is automatically installed by pip in an isolated build virtual environment.

For Running the Tests

  • the k5test package

To install test dependencies using pip:

$ pip install -r test-requirements.txt # Optional, for running test suite


Easy Way

$ pip install gssapi

From the Git Repo

After being sure to install all the requirements,

$ git clone
$ pip install .


The tests for for Python-GSSAPI live in gssapi.tests. In order to run the tests, you must have an MIT Kerberos installation (including the KDC). The tests create a self-contained Kerberos setup, so running the tests will not interfere with any existing Kerberos installations.


Python-GSSAPI is composed of two parts: a low-level C-style API which thinly wraps the underlying RFC 2744 methods, and a high-level, Pythonic API (which is itself a wrapper around the low-level API). Examples may be found in the examples directory.

Low-Level API

The low-level API lives in gssapi.raw. The methods contained therein are designed to match closely with the original GSSAPI C methods. All relevant methods and classes may be imported directly from gssapi.raw. Extension methods will only be imported if they are present. The low-level API follows the given format:

  • Names match the RFC 2744 specification, with the gssapi_ prefix removed

  • Parameters which use C int constants as enums have enum.IntEnum classes defined, and thus may be passed either the enum members or integers

  • In cases where a specific constant is passed in the C API to represent a default value, None should be passed instead

  • In cases where non-integer constants would be used in the API (i.e. OIDs), enum-like objects have been defined containing named references to values specified in RFC 2744.

  • Major and minor error codes are returned by raising gssapi.raw.GSSError. The major error codes have exceptions defined in in gssapi.raw.exceptions to make it easier to catch specific errors or categories of errors.

  • All other relevant output values are returned via named tuples.

High-Level API

The high-level API lives directly under gssapi. The classes contained in each file are designed to provide a more Pythonic, Object-Oriented view of GSSAPI. The exceptions from the low-level API, plus several additional exceptions, live in gssapi.exceptions. The rest of the classes may be imported directly from gssapi. Only classes are exported by gssapi – all functions are methods of classes in the high-level API.

Please note that QoP is not supported in the high-level API, since it has been deprecated.


In addition to RFC 2743/2744, Python-GSSAPI also has support for:

  • RFC 4178 (GSS-API Negotiation Mechanism)

  • RFC 5587 (Extended GSS Mechanism Inquiry APIs)

  • RFC 5588 (GSS-API Extension for Storing Delegated Credentials)

  • RFC 5801 (GSS-API SASL Extensions)

  • (Additional) Credential Store Extension

  • Services4User

  • Credentials import-export

  • RFC 6680 (GSS-API Naming Extensions)

  • DCE and IOV MIC extensions

  • acquire_cred_with_password and add_cred_with_password

  • GGF Extensions

  • Kerberos specific extensions

The Team

(GitHub usernames in parentheses)

  • Jordan Borean (@jborean93) - current maintainer and developer

  • Simo Sorce (@simo5) - developer

  • Robbie Harwood (@frozencemetery) - author emeritus

  • Solly Ross (@directxman12) - author emeritus

  • Hugh Cole-Baker (@sigmaris) - author emeritus

Get Involved

We welcome new contributions in the form of Issues and Pull Requests on Github. If you would like to join our discussions, you can find us on IRC, channel #python-gssapi.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

gssapi-1.8.3.tar.gz (94.2 kB view hashes)

Uploaded source

Built Distributions

gssapi-1.8.3-cp312-cp312-win_amd64.whl (866.6 kB view hashes)

Uploaded cp312

gssapi-1.8.3-cp312-cp312-win32.whl (768.8 kB view hashes)

Uploaded cp312

gssapi-1.8.3-cp312-cp312-macosx_11_0_arm64.whl (685.8 kB view hashes)

Uploaded cp312

gssapi-1.8.3-cp312-cp312-macosx_10_9_x86_64.whl (705.7 kB view hashes)

Uploaded cp312

gssapi-1.8.3-cp311-cp311-win_amd64.whl (871.9 kB view hashes)

Uploaded cp311

gssapi-1.8.3-cp311-cp311-win32.whl (772.1 kB view hashes)

Uploaded cp311

gssapi-1.8.3-cp311-cp311-macosx_11_0_arm64.whl (687.7 kB view hashes)

Uploaded cp311

gssapi-1.8.3-cp311-cp311-macosx_10_9_x86_64.whl (711.9 kB view hashes)

Uploaded cp311

gssapi-1.8.3-cp310-cp310-win_amd64.whl (867.7 kB view hashes)

Uploaded cp310

gssapi-1.8.3-cp310-cp310-win32.whl (771.7 kB view hashes)

Uploaded cp310

gssapi-1.8.3-cp310-cp310-macosx_11_0_arm64.whl (684.9 kB view hashes)

Uploaded cp310

gssapi-1.8.3-cp310-cp310-macosx_10_9_x86_64.whl (708.2 kB view hashes)

Uploaded cp310

gssapi-1.8.3-cp39-cp39-win_amd64.whl (871.0 kB view hashes)

Uploaded cp39

gssapi-1.8.3-cp39-cp39-win32.whl (774.4 kB view hashes)

Uploaded cp39

gssapi-1.8.3-cp39-cp39-macosx_11_0_arm64.whl (688.6 kB view hashes)

Uploaded cp39

gssapi-1.8.3-cp39-cp39-macosx_10_9_x86_64.whl (712.0 kB view hashes)

Uploaded cp39

gssapi-1.8.3-cp38-cp38-win_amd64.whl (873.8 kB view hashes)

Uploaded cp38

gssapi-1.8.3-cp38-cp38-win32.whl (776.5 kB view hashes)

Uploaded cp38

gssapi-1.8.3-cp38-cp38-macosx_11_0_arm64.whl (694.3 kB view hashes)

Uploaded cp38

gssapi-1.8.3-cp38-cp38-macosx_10_9_x86_64.whl (718.2 kB view hashes)

Uploaded cp38

gssapi-1.8.3-cp37-cp37m-win_amd64.whl (878.6 kB view hashes)

Uploaded cp37

gssapi-1.8.3-cp37-cp37m-win32.whl (775.9 kB view hashes)

Uploaded cp37

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page