package krb
Module Krb_public.Authorize
A 'principal t is used for authorizing a kerberized connection and allows checking that the peer is who we expect it to be.
It gets passed the IP address and principal of the peer and decides whether to accept the connection or to reject and close it.
Furthermore, any error will propagate to the initiator as part of the connection establishment protocol. This allows the initiator to get a more meaningful message (e.g. "server rejected client principal or address" instead of something like "connection closed").
Similar functionality can be implemented on the server side by validating the Principal.Name.t either returned by Krb.Tcp.connect or supplied to initial_connection_state in Krb.Rpc.serve/Krb.Rpc.serve_with_anon. However, if authorize returns `Reject, the client will be rejected early, without fully establishing a connection.
val create_async :
(Async.Socket.Address.Inet.t ->
Principal.Name.t ->
[ `Accept | `Reject ] Async.Deferred.t) ->
t
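An added example (not part of the krb documentation) of a callback for create_async that accepts a peer only when both its source address and its principal are on an allow-list, and rejects if the check itself raises. It assumes that Principal is reachable as Krb_public.Principal and that Principal.Name.t has User and Service constructors; the user names and addresses are constructed placeholders.

```ocaml
open Core
open Async

(* Constructed allow-lists: placeholder user names and documentation-range IPs. *)
let allowed_users = String.Set.of_list [ "alice"; "deploy-bot" ]
let allowed_sources = List.map [ "192.0.2.10"; "192.0.2.11" ] ~f:Unix.Inet_addr.of_string

(* Pure decision: the source address AND the principal must both match.
   Assumption: Principal.Name.t has User and Service constructors. *)
let decide ~addr ~(principal : Krb_public.Principal.Name.t) =
  let source_ok = List.mem allowed_sources addr ~equal:Unix.Inet_addr.equal in
  let principal_ok =
    match principal with
    | User name -> Set.mem allowed_users name
    | Service _ -> false (* no service principals are expected as peers here *)
  in
  if source_ok && principal_ok then `Accept else `Reject

(* Fail closed: an exception raised while deciding becomes `Reject, never `Accept. *)
let authorize =
  Krb_public.Authorize.create_async (fun peer principal ->
    let addr = Socket.Address.Inet.addr peer in
    Monitor.try_with (fun () -> return (decide ~addr ~principal))
    >>| function
    | Ok decision -> decision
    | Error _ -> `Reject)
```

Keeping decide pure lets the allow-list logic be unit tested without a KDC or a live connection.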
The following helper functions should aid in the common case of validating the client or server principals.