Android Kerberos Port using wolfSSL Embedded SSL

yaSSL has recently ported the MIT Kerberos libraries to Android. The Android platform has previously been void of Kerberos support – forcing Android developers who are creating new applications or porting existing projects to either modify existing code or exclude Kerberos functionality from their apps and libraries altogether.

yaSSL has taken the first steps in bringing Kerberos to the Android platform. The native MIT Kerberos libraries have been cross-compiled for Android and are now able to be used natively with the Android NDK. yaSSL has added the wolfSSL embedded SSL library`s cryptography library (CTaoCrypt) as a crypto implementation for Kerberos, allowing embedded projects to use wolfSSL`s lightweight and fully functional crypto backend on Android.

In addition to the cross-compiled MIT Kerberos libraries, yaSSL has created a sample Android NDK application wrapping the functionality of kinit, klist, kvno, and kdestroy with a simple GUI front-end. We hope this application provides a starting place for application developers interested in using Kerberos on Android.

The MIT Kerberos libraries and sample application are distributed under the MIT license (using wolfSSL`s FLOSS exception) and the code will be in the MIT Kerberos code repository in the near future. Until it has been merged into the MIT repositories, you can find the sample application on GitHub at the following URL. The sample application includes cross-compiled Kerberos and wolfSSL libraries. Instructions on cross compiling MIT Kerberos yourself will be released in the near future.

Our next step is to work on adding Java bindings for the native Kerberos GSS-API library on Android. As we have looked into several methods of accomplishing this, we would like to hear what the community would like to see regarding the Java bindings. Also, we would like to explore if there are any existing solutions which could be useful. The options we have looked at thus far include:

– Porting over an existing org.ietf.jgss Java package to Android and tying that into the native GSS-API library through JNI.
– Using SWIG to generate Java wrappers to the native GSS-API.

Are you interested in using Kerberos on Android? What do you think the best path would be for adding Java bindings? Do you have any suggestions about the direction of the project so far? If so, please let us know your thoughts at


Team yaSSL