Module gssapi

GSSAPI/Kerberos authentication for EST endpoints.

Implements the Authorization: Negotiate (SPNEGO) authentication mechanism, following the same pattern as Akamu’s GSSAPI support.

Channel binding to the TLS session (tls-server-end-point, RFC 5929) is supported to prevent credential forwarding attacks.

Structs

NegotiateOutToken
Request extension carrying the GSSAPI mutual-auth output token.
TlsChannelBinding
TLS channel binding data (tls-server-end-point, RFC 5929).

Functions

negotiate_challenge
Build a 401 response with a WWW-Authenticate: Negotiate challenge.
try_extract_gssapi
Attempt to extract and validate GSSAPI/SPNEGO credentials.