package krb

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type

Kerberos clients send encrypted tickets for servers. One of the central underpinning of Kerberos is that only the KDC and the target server know this secret encryption key.

A Server_key_source.t represents which key is used to encrypt service tickets. The Keytab variant should be used for as-users. The Tgt variant should be used for human users. default () will make this choice for you based on the currently running user.

See ../doc/index.mkd for more information on how Kerberos works.

type t =
  1. | Tgt
    (*

    Use the session key associated with the server's ticket granting ticket (TGT). The user must have a valid TGT in its cred cache. This is the recommended setup for human users that don't have keytabs.

    *)
  2. | Keytab of Principal.Name.t * Keytab.Path.t
    (*

    Use the password-derived key for the specified principal that is stored in the specified keytab.

    *)
include Ppx_compare_lib.Comparable.S with type t := t
val compare : t Base__Ppx_compare_lib.compare
include Ppx_hash_lib.Hashable.S with type t := t
val hash_fold_t : t Base__Ppx_hash_lib.hash_fold
val hash : t -> Base__Ppx_hash_lib.Std.Hash.hash_value
val sexp_of_t : t -> Sexplib0.Sexp.t
val best_effort_validate : ?refresh_tgt:unit -> cred_cache:Cred_cache.t -> t -> unit Async.Deferred.Or_error.t

Make a best effort attempt to validate t. This can be used as a way to fail early after getting a t from the command line. It is automatically called with ~refresh_tgt:() before all Tcp and Rpc client connections.

refresh_tgt will start a background job to refresh credentials in the Keytab case.

Note: it is still possible for this function to return a success but a later call that uses t to fail. This might be because a ticket has expired or because some other process has been mucking around with the credential cache.

principal t returns the Principal.t that will be used to start kerberized services

module Stable : sig ... end
OCaml

Innovation. Community. Security.