module Netsys_gssapi:sig
..end
The following other modules are also interesting in this context:
type oid =
int array
type oid_set =
oid list
GSS_C_NO_OID_SET.
type token =
string
type interprocess_token =
string
type calling_error =
[ `Bad_structure | `Inaccessible_read | `Inaccessible_write | `None ]
type routine_error =
[ `Bad_QOP
| `Bad_bindings
| `Bad_mech
| `Bad_mic
| `Bad_name
| `Bad_nametype
| `Bad_status
| `Context_expired
| `Credentials_expired
| `Defective_credential
| `Defective_token
| `Duplicate_element
| `Failure
| `Name_not_mn
| `No_context
| `No_cred
| `None
| `Unauthorized
| `Unavailable ]
type suppl_status =
[ `Continue_needed
| `Duplicate_token
| `Gap_token
| `Old_token
| `Unseq_token ]
type major_status =
calling_error * routine_error *
suppl_status list
type minor_status =
int32
int32 is signed, whereas GSS-API defines the minor status as an unsigned 32-bit integer.
type address =
[ `Inet of Unix.inet_addr
| `Local of string
| `Nulladdr
| `Other of int32 * string
| `Unspecified of string ]
type channel_bindings =
address * address * string
(initiator_address, acceptor_address, application_data)
type cred_usage =
[ `Accept | `Both | `Initiate ]
type qop =
int32
type message =
Netsys_types.mstring list
mstring
type ret_flag =
[ `Anon_flag
| `Conf_flag
| `Deleg_flag
| `Integ_flag
| `Mutual_flag
| `Prot_ready_flag
| `Replay_flag
| `Sequence_flag
| `Trans_flag ]
accept_sec_context method
type req_flag =
[ `Anon_flag
| `Conf_flag
| `Deleg_flag
| `Integ_flag
| `Mutual_flag
| `Replay_flag
| `Sequence_flag ]
init_sec_context method
type time =
[ `Indefinite | `This of float ]
class type ['credential, 'name, 'context] poly_gss_api = object
..end
module type GSSAPI =sig
..end
val string_of_calling_error : calling_error -> string
val string_of_routine_error : routine_error -> string
val string_of_suppl_status : suppl_status -> string
val string_of_major_status : major_status -> string
val string_of_flag : ret_flag -> string
val nt_hostbased_service : oid
val nt_hostbased_service_alt : oid
val nt_user_name : oid
val nt_machine_uid_name : oid
val nt_string_uid_name : oid
val nt_anonymous : oid
val nt_export_name : oid
val nt_krb5_principal_name : oid
Netgssapi_support
for parsers
val parse_hostbased_service : string -> string * string
Returns (service,host) for "service@host". Fails if not parseable.
type support_level =
[ `If_possible | `None | `Required ]
class type client_config =object
..end
val create_client_config : ?mech_type:oid ->
?initiator_name:string * oid ->
?initiator_cred:exn ->
?target_name:string * oid ->
?privacy:support_level ->
?integrity:support_level ->
?flags:(req_flag * support_level) list ->
unit -> client_config
mech_type
is the GSSAPI mechanism to use. If left unspecified,
a default is used. target_name
is the name of the service to
connect to. initiator_name
identifies and authenticates the client.
Note that you normally can omit all of mech_type
, target_name
,
and initiator_name
as GSSAPI already substitutes reasonable defaults
(at least if Kerberos is available as mechanism).
If you have a delegated credential you can also pass it as
initiator_cred
. This must be a Credential
exception from the
GSSAPI provider. initiator_cred
has precedence over initiator_name
.
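privacy
and integrity
specify the desired level of protection.
By default, both integrity and privacy are enabled if available, but
it is not an error if the mechanism doesn't support these features, so a
session can be established without them. Pass `Required (see support_level)
when the connection must fail rather than run without that protection.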
flags
: additional GSSAPI flags. These should not contain `Conf_flag
and `Integ_flag
(instead use privacy
and integrity
, resp.).
class type client_props =object
..end
val marshal_client_props : client_props -> string
val unmarshal_client_props : string -> client_props
class type server_config =object
..end
val create_server_config : ?mech_types:oid list ->
?acceptor_name:string * oid ->
?privacy:support_level ->
?integrity:support_level ->
?flags:(req_flag * support_level) list ->
unit -> server_config
mech_types
is the list of GSSAPI mechanisms that are acceptable.
If left unspecified,
a default is used. acceptor_name
is the name of the service to
offer.
Note that you normally can omit mech_types
as GSSAPI already substitutes reasonable defaults
(at least if Kerberos is available as mechanism). acceptor_name
should
normally be specified.
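privacy
and integrity
specify the desired level of protection.
By default, both integrity and privacy are enabled if available, but
it is not an error if the mechanism doesn't support these features, so a
session can be accepted without them. Pass `Required (see support_level)
when the server must refuse contexts that lack that protection.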
flags
: additional GSSAPI flags. These should not contain `Conf_flag
and `Integ_flag
(instead use privacy
and integrity
, resp.).
class type server_props =object
..end
val marshal_server_props : server_props -> string
val unmarshal_server_props : string -> server_props
Netoid
:
oid_to_string
is now Netoid.to_string_curly
string_to_oid
is now Netoid.of_string_curly
Netgssapi_support
.Netgssapi_support