package krb
A library for using Kerberos for both Rpc and Tcp communication
Install
Dune Dependency
Authors
Maintainers
Sources
krb-v0.16.0.tar.gz
sha256=353675621e4c5a888f2483dc1bb7281bd17ce4ed7dfd2f40142257f98db7c77d
doc/krb.public/Krb_public/Keytab/index.html
Module Krb_public.KeytabSource
A keytab (key table) is a file containing pairs of kerberos principals and encryption keys. You can use a keytab file to do kerberos authentication without having to enter a password (the key is derived from your password). Keytab's are generally used for 2 reasons:
- Kerberized servers *SHOULD* have a keytab so they can accept encrypted data from clients, unless they are running as human users
- Kerberized clients *MAY* use a keytab to obtain initial credentials (tgt). This might be useful for a long running application, so you don't need to type in a password to refresh credentials.
For a more complete explanation, see the MIT krb5 documentation: http://web.mit.edu/kerberos/krb5-latest/doc/basic/keytab_def.html
Ensure the keytab can be loaded successfully and contains an entry for the given principal. This does not verify whether the keytab is up to date, since it only performs offline checks.
Like validate but takes a path and principal name
Source
val entries_by_kvno :
t ->
Krb_internal_public.Std.Keytab_entry.t list Core.Int.Map.t
Async.Deferred.Or_error.tSource
val entries_for_principal :
t ->
Principal.t ->
Krb_internal_public.Std.Keytab_entry.t list Async.Deferred.Or_error.tSource
val add_entry :
t ->
password:string ->
enctype:Krb_internal_public.Std.Enctype.t ->
kvno:int ->
principal:Principal.t ->
unit Async.Deferred.Or_error.tSource
val add_new_entry_for_all_principals :
?kvno:int ->
t ->
password:string ->
unit Async.Deferred.Or_error.tFor each principal and enctype in the keytab, add a fresh key generated from the provided password.
- There must not be principals with conflicting keys with the latest kvno.
- If no kvno is provided, uses value one greater than the latest kvno found in the keytab.