package krb


Module Krb_public.Authorize

A 'principal t is used for authorizing a kerberized connection and allows checking that the peer is who we expect it to be.

It is passed the IP address and principal of the peer and decides whether to accept the connection or to reject and close it.

Furthermore, any error will propagate to the initiator as part of the connection establishment protocol. This allows the initiator to get a more meaningful message (e.g. "server rejected client principal or address" instead of something like "connection closed").

Similar functionality can be implemented on the server side by validating the Principal.Name.t either returned by Krb.Tcp.connect or supplied to initial_connection_state in Krb.Rpc.serve/Krb.Rpc.serve_with_anon. However, if authorize returns `Reject, the client will be rejected early, without fully establishing a connection.

type t
val create : (Async.Socket.Address.Inet.t -> Principal.Name.t -> [ `Accept | `Reject ]) -> t
val create_async : (Async.Socket.Address.Inet.t -> Principal.Name.t -> [ `Accept | `Reject ] Async.Deferred.t) -> t

The following helper functions should aid in the common case of validating the client or server principals.

val accept_all : t
val accept_single : Principal.Name.t -> t
val accept_multiple : Principal.Name.Set.t -> t
module Cross_realm : sig ... end
module Anon : sig ... end
val krb_of_anon : Anon.t -> t
val authorization_method : t -> [ `Accept_all | `Custom ]
module For_internal_use : sig ... end
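
The helpers above check only the principal, while create also receives the peer address. The following is an added example, not code from the krb library or its authors, of a policy that requires both an allowed principal and a permitted source network and rejects everything else. The names restricted_authorize, allowed and networks are hypothetical, and Unix.Cidr, Socket.Address.Inet.addr and Log.Global come from Async rather than from this page.

```ocaml
open Core
open Async
open Krb_public

(* Hypothetical policy (not part of krb): the peer must present a principal
   from [allowed] AND connect from inside one of [networks]. Every other
   combination is rejected, so an empty set or empty list fails closed. *)
let restricted_authorize
      ~(allowed : Principal.Name.Set.t)
      ~(networks : Unix.Cidr.t list)
  : Authorize.t
  =
  Authorize.create (fun peer principal ->
    (* [peer] is the address of the remote end of the connection. *)
    let addr = Socket.Address.Inet.addr peer in
    let from_known_network =
      List.exists networks ~f:(fun cidr -> Unix.Cidr.does_match cidr addr)
    in
    if from_known_network && Set.mem allowed principal
    then `Accept
    else (
      (* Record the rejection locally; the peer is rejected early, before
         the connection is fully established. *)
      Log.Global.info
        "rejecting kerberized peer at %s"
        (Socket.Address.Inet.to_string peer);
      `Reject))
;;
```

If the decision needs a lookup that blocks, the same closure shape works with create_async by returning the result in a Deferred.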