package krb

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type

A principal is a unique identity to which kerberos can assign tickets. Generally, principals are a name (containing an arbitrary number of components separated by '/') followed by "@<REALM>". The Krb library allows for two kinds of principals:

User: <username>@<REALM> Service: <service>/<hostname>.<domain>@<REALM>

See Config for information on how to configure <REALM> and <domain>.

For a more complete explanation, see the MIT krb5 documentation: http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/What-is-a-Kerberos-Principal_003f.html

module Name : sig ... end
val name : t -> Name.t
val service_with_canonicalized_hostname : service:string -> hostname:string -> t Async.Deferred.Or_error.t

Constructs a principal <service_name>/<canonicalized_hostname>, where the canonicalized hostname is derived from hostname with the rules defined by the Kerberos config (as described at https://web.mit.edu/kerberos/krb5-devel/doc/admin/princ_dns.html).

module Cross_realm : sig ... end
val to_string : t -> string
val check_password : t -> password:string -> unit Async.Deferred.Or_error.t

kvno returns the key version number known by the KDC. Consequently this is an online test and must be called by a user with a valid TGT.

module Stable : sig ... end
OCaml

Innovation. Community. Security.