package krb

  1. Overview
  2. Docs
package krb
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Module Krb_public.Server_key_sourceSource

Kerberos clients send encrypted tickets for servers. One of the central underpinning of Kerberos is that only the KDC and the target server know this secret encryption key.

A Server_key_source.t represents which key is used to encrypt service tickets. The Keytab variant should be used for as-users. The Tgt variant should be used for human users. default () will make this choice for you based on the currently running user.

See ../doc/index.mkd for more information on how Kerberos works.

Sourcetype t =
  1. | Tgt
    (*

    Use the session key associated with the server's ticket granting ticket (TGT). The user must have a valid TGT in its cred cache. This is the recommended setup for human users that don't have keytabs.

    *)
  2. | Keytab of Principal.Name.t * Keytab.Path.t
    (*

    Use the password-derived key for the specified principal that is stored in the specified keytab.

    *)
include Ppx_compare_lib.Comparable.S with type t := t
Sourceval compare : t Base__Ppx_compare_lib.compare
include Ppx_hash_lib.Hashable.S with type t := t
Sourceval hash_fold_t : t Base__Ppx_hash_lib.hash_fold
Sourceval hash : t -> Base__Ppx_hash_lib.Std.Hash.hash_value
Sourceval sexp_of_t : t -> Sexplib0.Sexp.t
Sourceval best_effort_validate : ?refresh_tgt:unit -> cred_cache:Cred_cache.t -> t -> unit Async.Deferred.Or_error.t

Make a best effort attempt to validate t. This can be used as a way to fail early after getting a t from the command line. It is automatically called with ~refresh_tgt:() before all Tcp and Rpc client connections.

refresh_tgt will start a background job to refresh credentials in the Keytab case.

Note: it is still possible for this function to return a success but a later call that uses t to fail. This might be because a ticket has expired or because some other process has been mucking around with the credential cache.

principal t returns the Principal.t that will be used to start kerberized services

Sourcemodule Stable : sig ... end
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct