package krb

  1. Overview
  2. Docs
A library for using Kerberos for both Rpc and Tcp communication

Install 

dune-project
 Dependency

github.com MIT License Edit opam file Versions (2)

Authors

  1. J
    Jane Street Group, LLC

Maintainers

  1. J
    Jane Street developers

Sources

krb-v0.16.0.tar.gz
sha256=353675621e4c5a888f2483dc1bb7281bd17ce4ed7dfd2f40142257f98db7c77d

doc/krb.public/Krb_public/Rpc/Connection/index.html

Module Rpc.ConnectionSource

Sourcetype t = Async.Rpc.Connection.t
type ('client_identity, 'authorize, 'conn_state, 'r) krb_rpc_args := ?on_kerberos_error: [ `Call of Async.Socket.Address.Inet.t -> exn -> unit | `Ignore | `Raise ] -> ?on_handshake_error: [ `Call of Handshake_error.Kind.t -> Async.Socket.Address.Inet.t -> exn -> unit | `Ignore | `Raise ] -> ?on_done_with_internal_buffer:[ `Do_nothing | `Zero ] -> authorize:'authorize -> implementations:'conn_state Async.Rpc.Implementations.t -> initial_connection_state: ('client_identity -> Async.Socket.Address.Inet.t -> t -> 'conn_state) -> 'r
type ('client_identity, 'authorize, 'conn_state) server_args := (?max_connections:int -> ?backlog:int -> ?drop_incoming_connections:bool -> ?buffer_age_limit:Async.Writer.buffer_age_limit -> ('client_identity, 'authorize, 'conn_state, where_to_listen:Async.Tcp.Where_to_listen.inet -> krb_mode:Mode.Server.t -> unit -> (Async.Socket.Address.Inet.t, int) Async.Tcp.Server.t Async.Deferred.Or_error.t) krb_rpc_args) async_rpc_args
Sourceval serve : ?additional_magic_numbers:int list -> (Client_identity.t, Authorize.t, 'a) server_args

serve starts an RPC server that provides the given implementations

Sourceval serve_with_anon : (Client_identity.t option, Authorize.Anon.t, 'a) server_args

serve_with_anon starts an RPC server that allows connections from both Krb.Rpc and Async.Rpc clients

NOTE: serve_with_anon is provided to ease the transition from unkerberized applications to kerberized ones. After upgrading all servers and clients to use Krb.Rpc rather than Async.Rpc, nearly all apps should switch their servers from serve_with_anon to serve.

This will fail to recognize sufficiently old kerberized RPC clients, so changing from serve to serve_with_anon can introduce problems, but such a change should rarely be necessary, if ever.

type ('client_identity, 'authorize, 'conn_state) create_client_handler := ('client_identity, 'authorize, 'conn_state, Mode.Server.t -> (Async.Socket.Address.Inet.t -> Async.Reader.t -> Async.Writer.t -> unit Async.Deferred.t) Async.Deferred.Or_error.t) krb_rpc_args async_rpc_args
Sourceval create_handler : (Client_identity.t, Authorize.t, 'conn_state) create_client_handler

create_handler is the same as serve, but it provides a handler that can be used with an externally created TCP server.

Sourceval create_handler_with_anon : (Client_identity.t option, Authorize.Anon.t, 'conn_state) create_client_handler

create_handler_with_anon is like create_handler except that it can handle connections from both Krb.Rpc and Async.Rpc clients. See the doc for serve_with_anon for more details.

type ('a, 'conn_state) with_client_args := (?implementations: (Server_principal.t -> 'conn_state Async.Rpc.Connection.Client_implementations.t) -> ?description:Core.Info.t -> ?cred_cache:Cred_cache.t -> ?buffer_age_limit:[ `At_most of Core.Time_float.Span.t | `Unlimited ] -> ?on_credential_forwarding_request: (Server_principal.t -> On_credential_forwarding_request.t) -> ?on_done_with_internal_buffer:[ `Do_nothing | `Zero ] -> ?krb_mode:Mode.Client.t -> authorize:Authorize.t -> Async.Socket.Address.Inet.t Async.Tcp.Where_to_connect.t -> 'a) async_rpc_args

client creates a Connection.t appropriate for dispatching RPC's to a kerberized server.

Sourcemodule Internal : sig ... end

Only used for internal testing of the library