krb v0.15.0 · OCaml Package

type t = Krb_internal_public.Std.Cred_cache.t

val default : unit -> t Async.Deferred.Or_error.t

default returns Kerberos's notion of a "default" credential cache. This is determined by the following steps, in descending order:

KRB5CCNAME environment variable
default_ccache_name variable in libdefaults in /etc/krb5.conf
DEFCCNAME build parameter (usually FILE:/tmp/krb5cc_%uid)

val default_principal : unit -> Principal.Name.t Async.Deferred.Or_error.t

The principal associated with default

val principal : t -> Principal.Name.t Async.Deferred.Or_error.t

The principal associated with the credential cache supplied

val in_memory_for_principal : Principal.Name.t -> t Async.Deferred.Or_error.t

A shared MEMORY t for principal. If a previous call succeeded for the same principal, the same t is returned. The returned t is never freed, so this function should not be called with an unbounded number of unique principals.

val initialize_with_creds : 
  t ->
  Principal.t ->
  Krb_internal_public.Std.Credentials.t list ->
  unit Async.Deferred.Or_error.t

Initialize t with the given principal and credentials. This function updates t atomically for FILE cred caches.

val initialize_in_memory_with_creds_from : t -> t Async.Deferred.Or_error.t

Initializes the shared MEMORY cache associated with the principal of t (see in_memory_for_principal) with the credentials from t.

module Cross_realm : sig ... end

module Expert : sig ... end

val num_active_renewal_jobs : unit -> int

Return number of active credential renewal loops, as started by calls to keep_valid_indefintely. Note that it avoids creating a new loop for credentials that are already being renewed, even if keep_valid_indefinitely is called multiple times on the same cred cache with the same principal + keytab.

val keep_valid : 
  ?refresh_every:Time_unix.Span.t ->
  ?on_error:[ `Ignore | `Raise | `Call of Core.Error.t -> unit ] ->
  ?keytab:Keytab.Path.t ->
  ?server_cred_cache:t ->
  ?abort:unit Async.Deferred.t ->
  t ->
  unit Async.Deferred.Or_error.t

If this cred cache is expected to contain a TGT, keep that TGT valid. If it is a S4U2Self cache, keep the expected ticket valid.

A keytab should only be provided for TGT caches. It defaults to the User keytab if none is provided.

A server_cred_cache should only be provided if t is a S4U2Self cache. The default cred cache is used if none is provided.

package krb