Generic Security Service API (GSS-API) version 2, and its C binding, is described in RFC2743 and RFC2744. Version 1 (deprecated) of the C binding is described in RFC1509.
Heimdals GSS-API implementation supports the following mechanisms
GSS-API have generic name types that all mechanism are supposed to implement (if possible)
GSS-API implementations that supports Kerberos 5 have some additional name types
gss_display_name takes the gss name in input_name and put a printable form in output_name_buffer. output_name_buffer should be freed when done using gss_release_buffer. output_name_type can either be NULL or a pointer to a gss_OID and will in the later case contain the OID type of the name. The name should only be used for printing. Access control should be done with the result of gss_export_name.
gss_sign, gss_verify, gss_seal, and gss_unseal are part of the GSS-API V1 interface and are obsolete. The functions should not be used for new applications. They are provided so that version 1 applications can link against the library.
gss_krb5_copy_ccache is an extension to the GSS-API API. The function will extract the krb5 credential that are transfered from the initiator to the acceptor when using token delegation in the Kerberos mechanism. The acceptor receives the delegated token in the last argument to gss_accept_sec_context.
gss_krb5_compat_des3_mic turns on or off the compatibly with older version of Heimdal using des3 get and verify mic, this is way to programmatically set the [gssapi]broken_des3_mic and [gssapi]correct_des3_mic flags (see COMPATIBILITY section in gssapi(3)). If the CPP symbol GSS_C_KRB5_COMPAT_DES3_MIC is present, gss_krb5_compat_des3_mic exists. gss_krb5_compat_des3_mic will be removed in a later version of the GSS-API library.
krb5(3), krb5_ccache(3), gssapi(3), kerberos(8)