module Netsys_sasl_types:sig
..end
typecb =
[ `GSSAPI of string
| `None
| `SASL_none_but_advertise
| `SASL_require of string * string ]
Possible channel bindings:
`None
: this is the default`SASL_none_but_advertise
: the client supports channel binding and
advertises this. For this time, the SCRAM protocol is run without
channel binding, though. (Only available in the SASL profile.)`SASL_require(type,data)
: Require channel binding. E.g. type="tls-unique",
and data
is set to the channel identifier (RFC 5929).
(Only available in the SASL profile.)`GSSAPI data
: use this channel binding for GSS-APIThis type is shared by SASL and GSSAPI providers.
typeserver_state =
[ `Auth_error of string | `Emit | `OK | `Restart of string | `Wait ]
The state of the server session:
`Wait
: it is waited for the client response.`Emit
: a new server challenge can be emitted.`OK
: the authentication protocol succeeded`Auth_error
: authentication error (it is unspecified which;
the string may be used for logging)`Restart session_id
: this state can be entered after getting
the first client response. It means that the saved session
session_id
may be restarted by calling
server_process_response_restart
with the client response.typeclient_state =
[ `Auth_error of string | `Emit | `OK | `Stale | `Wait ]
The state of the client session:
`Wait
: it is waited for the server challenge.`Emit
: a new client response can be emitted.`OK
: the authentication protocol succeeded`Auth_error
: authentication error (it is unspecified which);
the string may be used for logging)`Stale
: The client session is refused as too old. The password,
though, is correct. Otherwise this is the same as `Emit
, i.e.
the authentication process can continue.module type SASL_MECHANISM =sig
..end