Module type Netmech_gs2_sasl.PROFILE

The GS2 version of the mechanism name (w/o "-PLUS" suffix)

Whether to announce the availability of channel binding by adding "-PLUS" to the mechanism name, and by offering channel bindings in the initial token.

The OID of the mechanism to use

Additional parameters understood by create_client_session

Additional parameters understood by create_server_session

For clients: maps user names to a pair (name_string,name_type) that can be used in the GSSAPI for acquiring a name. If the name_type is the empty array, no target name is passed to the GSSAPI.

The params are from the create_client_session call.

For servers: maps a pair (name_string,name_type) coming from the GSSAPI to a user name. The params are from the create_server_session call.

The function may raise Not_found in which case the authentication will fail.

For clients: get the GSSAPI name of the target to contact as (name_string,name_type) pair. If the name_type is the empty array, no target name is passed to the GSSAPI.

The params are from the create_client_session call.

For servers: optionally bind the GSSAPI name of the server. The params are from the create_server_session call.

For servers: check whether the GSSAPI name the client sent is the right one. This is a more flexible alternative to server_bind_target_name: instead of binding to a single name, the client may send any target name, and we check now whether this name is acceptable. params are from the create_server_session call.

Flags for init_sec_context. The bool says whether the flag is required (otherwise the feature is only offered). `Mutual_flag is always required.

Required flags for accept_sec_context. `Mutual_flag is always required.

If set, the client will use a certain credential (and not acquire one). This is intended for passing in delegated credentials (well, not really elegant). This needs to be set to the Credential exception of the GSSAPI provider.