Plasma GitLab Archive
Projects Blog Knowledge

Module Netsys_sasl_types

module Netsys_sasl_types: sig .. end

type cb = [ `GSSAPI of string
| `None
| `SASL_none_but_advertise
| `SASL_require of string * string ]

Possible channel bindings:

  • `None: this is the default
  • `SASL_none_but_advertise: the client supports channel binding and advertises this. For this time, the SCRAM protocol is run without channel binding, though. (Only available in the SASL profile.)
  • `SASL_require(type,data): Require channel binding. E.g. type="tls-unique", and data is set to the channel identifier (RFC 5929). (Only available in the SASL profile.)
  • `GSSAPI data: use this channel binding for GSS-API

This type is shared by SASL and GSSAPI providers.

type server_state = [ `Auth_error of string | `Emit | `OK | `Restart of string | `Wait ] 

The state of the server session:

  • `Wait: it is waited for the client response.
  • `Emit: a new server challenge can be emitted.
  • `OK: the authentication protocol succeeded
  • `Auth_error: authentication error (it is unspecified which; the string may be used for logging)
  • `Restart session_id: this state can be entered after getting the first client response. It means that the saved session session_id may be restarted by calling server_process_response_restart with the client response.
type client_state = [ `Auth_error of string | `Emit | `OK | `Stale | `Wait ] 

The state of the client session:

  • `Wait: it is waited for the server challenge.
  • `Emit: a new client response can be emitted.
  • `OK: the authentication protocol succeeded
  • `Auth_error: authentication error (it is unspecified which); the string may be used for logging)
  • `Stale: The client session is refused as too old. The password, though, is correct. Otherwise this is the same as `Emit, i.e. the authentication process can continue.
module type SASL_MECHANISM = sig .. end
This web site is published by Informatikbüro Gerd Stolpmann
Powered by Caml