
Module Netmech_krb5_sasl.Krb5_gs2_profile

module Krb5_gs2_profile: Netmech_gs2_sasl.PROFILE 
This is the profile used for Netmech_krb5_sasl.Krb5_gs2

val mechanism_name : string
The GS2 version of the mechanism name (without the "-PLUS" suffix)
val announce_channel_binding : bool
Whether to announce the availability of channel binding by adding "-PLUS" to the mechanism name, and by offering channel bindings in the initial token.
val mechanism_oid : Netsys_gssapi.oid
The OID of the mechanism to use
val client_additional_params : string list
Additional parameters understood by create_client_session
val server_additional_params : string list
Additional parameters understood by create_server_session
val client_map_user_name : params:(string * string) list -> string -> string * Netsys_gssapi.oid
For clients: maps user names to a pair (name_string,name_type) that can be used in the GSSAPI for acquiring a name. If the name_type is the empty array, no target name is passed to the GSSAPI.

The params are from the create_client_session call.

val server_map_user_name : params:(string * string) list -> string * Netsys_gssapi.oid -> string
For servers: maps a pair (name_string,name_type) coming from the GSSAPI to a user name. The params are from the create_server_session call.

The function may raise Not_found in which case the authentication will fail.

val client_get_target_name : params:(string * string) list -> string * Netsys_gssapi.oid
For clients: get the GSSAPI name of the target to contact as (name_string,name_type) pair. If the name_type is the empty array, no target name is passed to the GSSAPI.

The params are from the create_client_session call.

val server_bind_target_name : params:(string * string) list -> (string * Netsys_gssapi.oid) option
For servers: optionally bind the GSSAPI name of the server. The params are from the create_server_session call.
val server_check_target_name : params:(string * string) list -> string * Netsys_gssapi.oid -> bool
For servers: check whether the GSSAPI name the client sent is the right one. This is a more flexible alternative to server_bind_target_name: instead of binding to a single name, the client may send any target name, and we check now whether this name is acceptable. params are from the create_server_session call.
val client_flags : params:(string * string) list -> (Netsys_gssapi.req_flag * bool) list
Flags for init_sec_context. The bool says whether the flag is required (otherwise the feature is only offered). `Mutual_flag is always required.
val server_flags : params:(string * string) list -> Netsys_gssapi.req_flag list
Required flags for accept_sec_context. `Mutual_flag is always required.
val client_credential : exn option
If set, the client will use a certain credential (and not acquire one). This is intended for passing in delegated credentials (well, not really elegant). This needs to be set to the Credential exception of the GSSAPI provider.
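
The following is an added example, not code from Ocamlnet or from this profile: a stand-alone sketch of how a custom profile could implement server_map_user_name and server_check_target_name so that both fail closed. The parameter keys "allowed-realm" and "allowed-targets", the local oid type, and the assumption that the GSSAPI provider reports Kerberos principal and host-based service name types are all assumptions made for illustration.

```ocaml
(* Added example: stand-alone sketch, not Ocamlnet code. *)
type oid = int array (* local stand-in for Netsys_gssapi.oid *)

(* GSS_KRB5_NT_PRINCIPAL_NAME = 1.2.840.113554.1.2.2.1 *)
let nt_krb5_principal : oid = [| 1; 2; 840; 113554; 1; 2; 2; 1 |]
(* GSS_C_NT_HOSTBASED_SERVICE = 1.2.840.113554.1.2.1.4 *)
let nt_hostbased_service : oid = [| 1; 2; 840; 113554; 1; 2; 1; 4 |]

(* "allowed-realm" and "allowed-targets" are hypothetical parameter keys. *)

(* Map "user@REALM" to "user"; raise Not_found (authentication fails) for
   any other name type, a foreign realm, or an instance such as user/admin. *)
let server_map_user_name ~params ((name, name_type) : string * oid) : string =
  if name_type <> nt_krb5_principal then raise Not_found;
  (* List.assoc raises Not_found when the realm is unset: fail closed *)
  let realm = List.assoc "allowed-realm" params in
  match String.rindex_opt name '@' with
  | None -> raise Not_found
  | Some i ->
    let user = String.sub name 0 i in
    let r = String.sub name (i + 1) (String.length name - i - 1) in
    (* Kerberos realms are case-sensitive, so compare exactly *)
    if user = "" || r <> realm || String.contains user '/' then raise Not_found;
    user

(* Accept only target names on an explicit comma-separated allowlist. *)
let server_check_target_name ~params ((name, name_type) : string * oid) : bool =
  name_type = nt_hostbased_service
  && (match List.assoc_opt "allowed-targets" params with
      | None -> false
      | Some s -> List.mem name (String.split_on_char ',' s))

(* Constructed sample input *)
let () =
  let params = [ ("allowed-realm", "EXAMPLE.ORG");
                 ("allowed-targets", "imap@mail.example.org,smtp@mail.example.org") ] in
  let rejected n =
    try ignore (server_map_user_name ~params (n, nt_krb5_principal)); false
    with Not_found -> true in
  assert (server_map_user_name ~params ("alice@EXAMPLE.ORG", nt_krb5_principal) = "alice");
  assert (rejected "alice@OTHER.EXAMPLE");
  assert (rejected "alice/admin@EXAMPLE.ORG");
  assert (server_check_target_name ~params ("imap@mail.example.org", nt_hostbased_service));
  assert (not (server_check_target_name ~params ("http@mail.example.org", nt_hostbased_service)));
  assert (not (server_check_target_name ~params ("imap@mail.example.org", nt_krb5_principal)))
```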
This web site is published by Informatikbüro Gerd Stolpmann