
(* $Id: rpc_auth_gssapi.mli 1556 2011-03-03 16:23:34Z gerd $ *)

(** GSS-API for RPC authentication *)

open Netgssapi

type user_name_format =
    [ `Exported_name
    | `Prefixed_name
    | `Plain_name
    ]
  (** Format of the user name reported by the server-side method
      (see [server_auth_method], option [user_name_format]):
      - [`Exported_name]: the exported name in binary format (as described
        in RFC 2078, section 3.2). This format can only be read back by
        the [gss_api] object generating the name, i.e. it is opaque to
        any other code and not meant for display.
      - [`Prefixed_name]: the display name in a text format
        "[{<oid>}<namestring>]". The OID prefix identifies the name type
        the string belongs to.
      - [`Plain_name]: the string part of the display name only. The
        name-type OID is dropped, so the string alone does not tell the
        caller which name type it came from.
   *)

val server_auth_method : 
      ?require_privacy:bool ->
      ?require_integrity:bool ->
      ?shared_context:bool ->
      ?acceptor_cred:credential ->
      ?user_name_format:user_name_format ->
      ?seq_number_window:int ->
      gss_api -> oid -> Rpc_server.auth_method
  (** Creates a server-side authentication method from a GSS-API
      interface. The OID selects the desired authentication mechanism.

      Note that with all options left at their defaults the server
      accepts messages that are merely authenticated via GSS-API but
      neither encrypted nor integrity-protected, and it does not detect
      replayed requests; set [require_privacy], [require_integrity] and
      [seq_number_window] explicitly when those properties matter.

      Options:
      - [require_privacy]: Whether the messages must be
        encrypted. If not enabled, the server also accepts non-encrypted
        messages that are authenticated via GSS-API.
      - [require_integrity]: Whether integrity checksums must be
        included. If not enabled, the server also accepts non-signed
        messages that are authenticated via GSS-API.
      - [shared_context]: Whether this method maintains only one
        security context for all connections. By default,
        each connection has a security context of its own. For UDP,
        this option needs to be set, because each UDP request is
        considered as creating a new connection.
      - [acceptor_cred]: Overrides the credentials of the server. By
        default, it is left to [gss_api] which credential is
        assumed.
      - [user_name_format]: Format of the reported user name
        (see {!user_name_format}). Defaults to [`Prefixed_name].
      - [seq_number_window]: If set, the server checks for replayed
        requests. The integer is the length of the check window (see
        RFC 2203 section 5.3.3.1). If omitted, no such checks are
        performed (the default).
   *)

type support_level =
    [ `Required | `If_possible | `None ]
  (** How strongly the client-side method insists on a protection
      feature (privacy or integrity; see [client_auth_method]):
      - [`Required]: the method fails if the GSS-API does not support
        the feature, and enables it otherwise.
      - [`If_possible]: the feature is enabled if the GSS-API supports
        it, but its absence is not an error.
      - [`None]: the feature is not used.
   *)

type user_name_interpretation =
    [ `Exported_name
    | `Prefixed_name
    | `Plain_name of oid
    ]
  (** How the client-side method interprets a user name (see
      [client_auth_method], option [user_name_interpretation]). The
      constructors mirror {!user_name_format}, except that [`Plain_name]
      carries an [oid]: a plain string has no name-type prefix, so the
      name type has to be supplied here. NOTE(review): how exactly the
      [oid] is applied is not visible in this interface; confirm against
      the implementation. *)

val client_auth_method :
      ?privacy:support_level ->
      ?integrity:support_level ->
      ?user_name_interpretation:user_name_interpretation ->
      gss_api -> oid -> Rpc_client.auth_method
  (** Creates a client-side authentication method from a GSS-API
      interface. The OID selects the desired authentication mechanism.

      Options:
      - [privacy]: Selects whether messages are encrypted. If [`Required],
        the authentication method fails if the GSS-API does not support
        encryption, and it enables encryption if GSS-API supports it.
        If [`If_possible] encryption is enabled if GSS-API supports it
        (the default). If [`None], the messages are not encrypted.
        Note that the default silently falls back to unencrypted
        messages when the GSS-API lacks encryption support; use
        [`Required] if encryption is mandatory.
      - [integrity]: Selects whether messages are signed. If [`Required],
        the authentication method fails if the GSS-API does not support
        integrity protection, and it enables this feature if GSS-API supports
        it. If [`If_possible] integrity protection is enabled if GSS-API
        supports it (the default). If [`None], the messages are not signed.
        The same fallback caveat as for [privacy] applies.
      - [user_name_interpretation]: How user names are interpreted
        (see {!user_name_interpretation}). Defaults to [`Prefixed_name].
   *)

module Debug : sig
  val enable : bool ref
    (** Set to [true] to enable debug output of this module. What
        exactly is emitted is not visible from this interface;
        NOTE(review): check the implementation before enabling it outside
        development, since output of an authentication module may
        include details of the security exchange. *)
end
