
Module Netmech_krb5_sasl.Krb5_gs2_profile

module Krb5_gs2_profile: Netmech_gs2_sasl.PROFILE 

This is the profile used for Netmech_krb5_sasl.Krb5_gs2


val mechanism_name : string

The GS2 version of the mechanism name (without the "-PLUS" suffix)

val announce_channel_binding : bool

Whether to announce the availability of channel binding by adding "-PLUS" to the mechanism name, and by offering channel bindings in the initial token.

val mechanism_oid : Netsys_gssapi.oid

The OID of the mechanism to use

val client_additional_params : string list

Additional parameters understood by create_client_session

val server_additional_params : string list

Additional parameters understood by create_server_session

val client_map_user_name : params:(string * string) list -> string -> string * Netsys_gssapi.oid

For clients: maps user names to a pair (name_string,name_type) that can be used in the GSSAPI for acquiring a name. If the name_type is the empty array, no target name is passed to the GSSAPI.

The params are from the create_client_session call.

val server_map_user_name : params:(string * string) list -> string * Netsys_gssapi.oid -> string

For servers: maps a pair (name_string,name_type) coming from the GSSAPI to a user name. The params are from the create_server_session call.

The function may raise Not_found in which case the authentication will fail.

val client_get_target_name : params:(string * string) list -> string * Netsys_gssapi.oid

For clients: get the GSSAPI name of the target to contact as (name_string,name_type) pair. If the name_type is the empty array, no target name is passed to the GSSAPI.

The params are from the create_client_session call.

val server_bind_target_name : params:(string * string) list -> (string * Netsys_gssapi.oid) option

For servers: optionally bind the GSSAPI name of the server. The params are from the create_server_session call.

val server_check_target_name : params:(string * string) list -> string * Netsys_gssapi.oid -> bool

For servers: check whether the GSSAPI name the client sent is the right one. This is a more flexible alternative to server_bind_target_name: instead of binding to a single name, the client may send any target name, and the server then checks whether this name is acceptable. The params are from the create_server_session call.

val client_flags : params:(string * string) list -> (Netsys_gssapi.req_flag * bool) list

Flags for init_sec_context. The bool says whether the flag is required (otherwise the feature is only offered). `Mutual_flag is always required.

val server_flags : params:(string * string) list -> Netsys_gssapi.req_flag list

Required flags for accept_sec_context. `Mutual_flag is always required.

val client_credential : exn option

If set, the client will use a certain credential (and not acquire one). This is intended for passing in delegated credentials (well, not really elegant). This needs to be set to the Credential exception of the GSSAPI provider.
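
An added example (not Ocamlnet's own code) of server-side policies for server_map_user_name and server_check_target_name as documented above. It uses only the OCaml standard library: the local oid type stands in for Netsys_gssapi.oid, the parameter keys "realm" and "acceptable-targets" are hypothetical, and principals are assumed to arrive as "user@REALM" strings.

```ocaml
(* Added example, stdlib only. [oid] stands in for Netsys_gssapi.oid. *)
type oid = int array

(* Standard OIDs: GSS_KRB5_NT_PRINCIPAL_NAME, GSS_C_NT_HOSTBASED_SERVICE *)
let nt_krb5_principal : oid = [| 1; 2; 840; 113554; 1; 2; 2; 1 |]
let nt_hostbased_service : oid = [| 1; 2; 840; 113554; 1; 2; 1; 4 |]

(* Hypothetical parameter keys; Ocamlnet does not define them. *)
let realm_key = "realm"
let targets_key = "acceptable-targets"

(* Accept only "user@REALM" in the configured realm and return "user".
   Any other input raises Not_found, which makes the authentication fail. *)
let server_map_user_name ~params (name, name_type) =
  if name_type <> nt_krb5_principal then raise Not_found;
  let realm = List.assoc realm_key params in (* Not_found if unset *)
  match String.rindex_opt name '@' with
  | None -> raise Not_found
  | Some i ->
      let user = String.sub name 0 i in
      let r = String.sub name (i + 1) (String.length name - i - 1) in
      (* Reject foreign realms, empty names and service-style "a/b" names *)
      if r <> realm || user = "" || String.contains user '/' then
        raise Not_found;
      user

(* Accept a client-chosen target only if it is on the configured list.
   A missing list rejects every name (fail closed). *)
let server_check_target_name ~params (name, name_type) =
  name_type = nt_hostbased_service
  && (match List.assoc_opt targets_key params with
      | None -> false
      | Some l -> List.mem name (String.split_on_char ',' l))

let () =
  (* Constructed sample configuration and names *)
  let params = [ (realm_key, "EXAMPLE.ORG");
                 (targets_key, "imap@mail.example.org,smtp@mail.example.org") ] in
  let try_user n =
    match server_map_user_name ~params (n, nt_krb5_principal) with
    | u -> Printf.printf "%-24s -> user %s\n" n u
    | exception Not_found -> Printf.printf "%-24s -> rejected\n" n in
  List.iter try_user [ "alice@EXAMPLE.ORG"; "alice@OTHER.ORG"; "host/x@EXAMPLE.ORG" ];
  List.iter
    (fun t -> Printf.printf "%-24s -> %b\n" t
        (server_check_target_name ~params (t, nt_hostbased_service)))
    [ "imap@mail.example.org"; "ldap@mail.example.org" ]
```

Both functions fail closed: an unset parameter, an unexpected name type or a name outside the configured realm or target list is rejected, not mapped to a default.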

This web site is published by Informatikbüro Gerd Stolpmann