package krb

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type
type 'a mode =
  1. | Kerberized of 'a
    (*

    The connection will be kerberized.

    *)
  2. | Test_with_principal of Principal.Name.t
    (*

    In test mode, clients/servers can pretend to be any principal. Please note that this mode provides NO Kerberos protection. The connection will be plain TCP.

    *)

A Mode.t specifies whether a client or server should use Kerberos for authentication or use a test mode where clients/servers can pretend to be any principal. All production clients and servers should use Kerberized mode.

When you use the default kerberized mode on both client and server, you will end up with encrypted connections. Secure by default! Note that full encryption has a performance cost.

Note that clients can only talk to servers that are running with the same mode constructor: a client using Kerberized can only talk to a server using Kerberized. Same goes for Test_with_principal

val compare_mode : ('a -> 'a -> int) -> 'a mode -> 'a mode -> int
val hash_fold_mode : (Ppx_hash_lib.Std.Hash.state -> 'a -> Ppx_hash_lib.Std.Hash.state) -> Ppx_hash_lib.Std.Hash.state -> 'a mode -> Ppx_hash_lib.Std.Hash.state
val sexp_of_mode : ('a -> Sexplib0.Sexp.t) -> 'a mode -> Sexplib0.Sexp.t
module Client : sig ... end
module Server : sig ... end

The *_with_auth_conn_type modes are used for RPC transports that don't support transforming data, and thus only support the Auth connection type.

module Client_with_auth_conn_type : sig ... end
module Server_with_auth_conn_type : sig ... end
module Stable : sig ... end
OCaml

Innovation. Community. Security.