Projects/Kernel-friendly GSS subset
There is interest in splitting the GSS-API library to support easily building a subset for the message-protection functions (gss_wrap, gss_unwrap, etc.) for easy inclusion in operating system kernels. Main consumers would be operating system vendors who need to implement NFS or related protocols in the kernel. In practice this would entail carving out a vertical slice of the call tree, including (minimal) pieces of libkrb5 and most of libk5crypto.
Best outcome would separate these files into a subdirectory for easier porting and rearrangement into vendors' kernel source trees, but even isolating the message protection pieces into separate files would be an improvement over the current situation. (Need to investigate how badly they're interwoven currently.)
As a starting point, the organization of uts/common/gssapi in the Solaris source code could be a guide. (see OpenSolaris OpenGrok)