package krb

  1. Overview
  2. Docs
A library for using Kerberos for both Rpc and Tcp communication

Install

Dune Dependency

github.com MIT License Edit opam file Versions (2)

Authors

  1. J
    Jane Street Group, LLC

Maintainers

  1. J
    Jane Street developers

Sources

krb-v0.16.0.tar.gz
sha256=353675621e4c5a888f2483dc1bb7281bd17ce4ed7dfd2f40142257f98db7c77d

doc/krb.internal/Krb_internal_public/Cred_cache/index.html

Module Krb_internal_public.Cred_cacheSource

Sourcetype t

krb5_ccache

A cache of credentials. This includes service tickets and ticket granting tickets (TGT).

It uses a custom hash function such that compare t1 t2 = 0 => hash t1 = hash t2

include Ppx_compare_lib.Comparable.S with type t := t
Sourceval compare : t Base__Ppx_compare_lib.compare
include Ppx_hash_lib.Hashable.S with type t := t
Sourceval hash_fold_t : t Base__Ppx_hash_lib.hash_fold
Sourceval sexp_of_t : t -> Sexplib0.Sexp.t
Sourceval hash : t -> int
Sourceval default : unit -> t Async.Deferred.Or_error.t

the credentials cache indicated by the environment variable KRB5CCNAME

Sourceval type_ : t -> [ `Normal | `S4U2Self of Principal.t ]

`Normal cred caches should have a TGT, in addition to potentially other tickets. In other cases (such as the result of an S4U2Self-based cache) the cred cache may not be expected to have a TGT. By tagging caches with this extra information, we can have more reasonable behavior in instances of trying to renew a cache and the like.

Sourceval initialize : t -> Principal.t -> unit Async.Deferred.Or_error.t
Sourceval create : ?type_:[ `Normal | `S4U2Self of Principal.t ] -> Cache_type.t -> Principal.t -> t Async.Deferred.Or_error.t

Creating a cred cache of types FILE or DIR (and possibly others) leaks files on disk. The finalizer for Cred_cache.t closes the file and frees the memory associated with it, but the file doesn't get removed from disk.

Sourceval initialize_and_store : t -> Principal.t -> Credentials.t list -> unit Async.Deferred.Or_error.t

initialize and then store in a single Async cycle

Sourceval store_if_not_in_cache : t -> request:Credentials.t -> Credentials.t -> unit Async.Deferred.Or_error.t

check to see if the supplied credentials are already cached. If not, call store. All this is done in a single Async cycle.

Sourceval get_credentials : ?tag_error_with_all_credentials:bool -> ?ensure_cached_valid_for_at_least:Core.Time_float.Span.t -> flags:Krb_flags.Get_credentials.t list -> t -> request:Credentials.t -> Credentials.t Async.Deferred.Or_error.t

The returned Credentials.t are stored in t.

tag_error_with_all_credentials will decorate errors with a list of all credentials in t. This might be memory and cpu intensive when there are a lot of credentials in t. Default: Config.verbose_errors.

ensure_cached_valid_for_at_least is the amount of time a ticket must be valid for if it is taken directly from the cache (i.e. KRB5_GC_CACHED was supplied as a flag). Default: 10min.

Sourceval get_cached_tgt : ?ensure_valid_for_at_least:Core.Time_float.Span.t -> t -> Credentials.t Async.Deferred.Or_error.t
Sourcemodule Expert : sig ... end
Sourcemodule Raw : sig ... end
Sourceval to_raw : t -> Raw.t
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct