package krb

You can search for identifiers within the package.

in-package search v0.2.0

A library for using Kerberos for both Rpc and Tcp communication

Install

dune-project

Dependency

github.com MIT License Edit opam file Versions (2)

Authors

J

Jane Street Group, LLC

Maintainers

J

Jane Street developers

Sources

krb-v0.16.0.tar.gz

sha256=353675621e4c5a888f2483dc1bb7281bd17ce4ed7dfd2f40142257f98db7c77d

doc/krb.public/Krb_public/Server_key_source/index.html

Module `Krb_public.Server_key_source`Source

Kerberos clients send encrypted tickets for servers. One of the central underpinning of Kerberos is that only the KDC and the target server know this secret encryption key.

A Server_key_source.t represents which key is used to encrypt service tickets. The Keytab variant should be used for as-users. The Tgt variant should be used for human users. default () will make this choice for you based on the currently running user.

See ../doc/index.mkd for more information on how Kerberos works.

Sourcetype t =

| Tgt
(*
Use the session key associated with the server's ticket granting ticket (TGT). The user must have a valid TGT in its cred cache. This is the recommended setup for human users that don't have keytabs.
*)
| Keytab of Principal.Name.t * Keytab.Path.t
(*
Use the password-derived key for the specified principal that is stored in the specified keytab.
*)

include Ppx_compare_lib.Comparable.S with type t := t

Sourceval compare : t Base__Ppx_compare_lib.compare

include Ppx_hash_lib.Hashable.S with type t := t

Sourceval hash_fold_t : t Base__Ppx_hash_lib.hash_fold

Sourceval hash : t -> Base__Ppx_hash_lib.Std.Hash.hash_value

Sourceval sexp_of_t : t -> Sexplib0.Sexp.t

Source

val best_effort_validate : 
  ?refresh_tgt:unit ->
  cred_cache:Cred_cache.t ->
  t ->
  unit Async.Deferred.Or_error.t

Make a best effort attempt to validate t. This can be used as a way to fail early after getting a t from the command line. It is automatically called with ~refresh_tgt:() before all Tcp and Rpc client connections.

refresh_tgt will start a background job to refresh credentials in the Keytab case.

Note: it is still possible for this function to return a success but a later call that uses t to fail. This might be because a ticket has expired or because some other process has been mucking around with the credential cache.

Sourceval principal : t -> Principal.t Async.Deferred.Or_error.t

principal t returns the Principal.t that will be used to start kerberized services

Sourcemodule Stable : sig ... end