krb v0.16.0 · OCaml Package

type 'connection handle_client :=
  Async.Socket.Address.Inet.t ->
  'connection ->
  unit Async.Deferred.t

type ('authorize, 'r) krb_args :=
  ?on_kerberos_error:
    [ `Call of Async.Socket.Address.Inet.t -> exn -> unit | `Ignore | `Raise ] ->
  ?on_handshake_error:
    [ `Call of
        Handshake_error.Kind.t ->
        Async.Socket.Address.Inet.t ->
        exn ->
        unit
    | `Ignore
    | `Raise ] ->
  ?on_handler_error:
    [ `Call of Async.Socket.Address.Inet.t -> exn -> unit | `Ignore | `Raise ] ->
  ?override_supported_versions:int list ->
  authorize:'authorize ->
  krb_mode:Mode.Server.t ->
  'r

type ('authorize, 'connection) serve :=
  ('authorize,
    Async.Tcp.Where_to_listen.inet ->
    'connection handle_client ->
    (Async.Socket.Address.Inet.t, int) Server.t Async.Deferred.Or_error.t)
    krb_args
    async_tcp_server_args

type ('authorize, 'connection) create_handler :=
  ('authorize,
    'connection handle_client ->
    (Async.Socket.Address.Inet.t ->
      Async.Reader.t ->
      Async.Writer.t ->
      unit Async.Deferred.t)
      Async.Deferred.Or_error.t)
    krb_args

additional_magic_numbers adds additional magic numbers to be advertised by the server during protocol negotiation, usually in the context of reporting metadata about the server. If override_supported_versions is also specified, these numbers are still going to be advertised.

These two arguments are ignored when using Test_with_principal as Krb mode.

val create_handler : 
  ?additional_magic_numbers:int list ->
  (Authorize.t, Async_protocol.Connection.t) create_handler

val create : 
  ?additional_magic_numbers:int list ->
  (Authorize.t, Async_protocol.Connection.t) serve

module Krb_or_anon_conn : sig ... end

val create_handler_with_anon : 
  (Authorize.Anon.t, Krb_or_anon_conn.t) create_handler

This is a bit misleading because it doesn't work with an unkerberized tcp client. It is in an Internal module because it is useful for implementing kerberized rpc create_handler_with_anon.

The create_handler_with_anon server peeks the first few bytes to check if the client is sending a kerberos protocol header. If the unkerberized tcp client is expecting the server to send some initial bytes, it will be waiting until something presumably times out because the server is waiting for the client to send bytes also.

val create_with_anon : (Authorize.Anon.t, Krb_or_anon_conn.t) serve

Similar to create_handler_with_anon, but creates a tcp server, rather than just the client handler.

package krb