module Netsys_sasl_types: sig
.. end
Possible channel bindings:
`None
: this is the default
`SASL_none_but_advertise
: the client supports channel binding and
advertises this. For this time, the SCRAM protocol is run without
channel binding, though. (Only available in the SASL profile.)
`SASL_require(type,data)
: Require channel binding. E.g. type="tls-unique",
and data
is set to the channel identifier (RFC 5929).
(Only available in the SASL profile.)
`GSSAPI data
: use this channel binding for GSS-API
This type is shared by SASL and GSSAPI providers.
type
cb = [ `GSSAPI of string
| `None
| `SASL_none_but_advertise
| `SASL_require of string * string ]
Possible channel bindings:
`None
: this is the default
`SASL_none_but_advertise
: the client supports channel binding and
advertises this. For this time, the SCRAM protocol is run without
channel binding, though. (Only available in the SASL profile.)
`SASL_require(type,data)
: Require channel binding. E.g. type="tls-unique",
and data
is set to the channel identifier (RFC 5929).
(Only available in the SASL profile.)
`GSSAPI data
: use this channel binding for GSS-API
This type is shared by SASL and GSSAPI providers.
type
server_state = [ `Auth_error of string | `Emit | `OK | `Restart of string | `Wait ]
The state of the server session:
`Wait
: it is waited for the client response.
`Emit
: a new server challenge can be emitted.
`OK
: the authentication protocol succeeded
`Auth_error
: authentication error (it is unspecified which;
the string may be used for logging)
`Restart session_id
: this state can be entered after getting
the first client response. It means that the saved session
session_id
may be restarted by calling
server_process_response_restart
with the client response.
type
client_state = [ `Auth_error of string | `Emit | `OK | `Stale | `Wait ]
The state of the client session:
`Wait
: it is waited for the server challenge.
`Emit
: a new client response can be emitted.
`OK
: the authentication protocol succeeded
`Auth_error
: authentication error (it is unspecified which);
the string may be used for logging)
`Stale
: The client session is refused as too old. The password,
though, is correct. Otherwise this is the same as `Emit
, i.e.
the authentication process can continue.
module type SASL_MECHANISM = sig
.. end