package krb

val default : unit -> t Async.Deferred.Or_error.t

default returns Kerberos's notion of a "default" credential cache. The cache name is taken from the first of the following sources that is set, in descending order of precedence:

  • KRB5CCNAME environment variable
  • default_ccache_name variable in libdefaults in /etc/krb5.conf
  • DEFCCNAME build parameter (usually FILE:/tmp/krb5cc_%uid)
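
The lookup order above, as an added Python diagnostic (not part of the krb package or its documentation): given an environment and the text of a krb5.conf, it reports which cache name wins and from which source. The function names, the constructed sample config and the simplified parsing (no include directives, only the %{uid} token expanded) are assumptions of this sketch.

```python
import re

# Compiled-in fallback named on this page; stock MIT krb5 writes the token as %{uid}.
DEFCCNAME = "FILE:/tmp/krb5cc_%{uid}"

# Constructed sample config, not taken from a real host.
SAMPLE_CONF = """\
# constructed example
[appdefaults]
    default_ccache_name = FILE:/not/consulted
[libdefaults]
    default_realm = EXAMPLE.COM
    default_ccache_name = KEYRING:persistent:%{uid}
"""

def libdefaults_value(conf_text, key):
    """First `key = value` inside [libdefaults]; no include/subsection support."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip()
        elif section == "libdefaults" and "=" in line:
            name, value = line.split("=", 1)
            if name.strip() == key:
                return value.strip()
    return None

def resolve_default_ccache(environ, conf_text, uid):
    """Return (ccache_name, source) using the precedence listed above."""
    env = environ.get("KRB5CCNAME")
    if env:  # an empty variable is treated as unset in this sketch
        return env, "KRB5CCNAME"
    conf = libdefaults_value(conf_text, "default_ccache_name")
    template, source = (conf, "krb5.conf") if conf else (DEFCCNAME, "DEFCCNAME")
    # Only the %{uid} token is expanded here.
    return template.replace("%{uid}", str(uid)), source

def cache_type(name):
    """Type prefix of a ccache name (FILE, MEMORY, KEYRING, ...); bare paths are FILE."""
    prefix, sep, _ = name.partition(":")
    return prefix if sep and prefix.isalpha() and prefix.isupper() else "FILE"

if __name__ == "__main__":
    import os
    name, source = resolve_default_ccache(os.environ, SAMPLE_CONF, os.getuid())
    print(f"{cache_type(name)} cache {name!r} chosen via {source}")
```

Because the environment variable outranks the configuration file, a service's effective cache location depends on the environment it is launched with, which is worth checking when auditing where tickets are stored.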

val default_principal : unit -> Principal.Name.t Async.Deferred.Or_error.t

The principal associated with default

The principal associated with the credential cache supplied

val in_memory_for_principal : Principal.Name.t -> t Async.Deferred.Or_error.t

A shared MEMORY t for principal. If a previous call succeeded for the same principal, the same t is returned. The returned t is never freed, so this function should not be called with an unbounded number of unique principals.

val initialize_with_creds : t -> Principal.t -> Krb_internal_public.Std.Credentials.t list -> unit Async.Deferred.Or_error.t

Initialize t with the given principal and credentials. This function updates t atomically for FILE cred caches.

val initialize_in_memory_with_creds_from : t -> t Async.Deferred.Or_error.t

Initializes the shared MEMORY cache associated with the principal of t (see in_memory_for_principal) with the credentials from t.

module Cross_realm : sig ... end
module Expert : sig ... end
val num_active_renewal_jobs : unit -> int

Returns the number of active credential renewal loops, as started by calls to keep_valid_indefinitely. Note that no new loop is created for credentials that are already being renewed, even if keep_valid_indefinitely is called multiple times on the same cred cache with the same principal + keytab.

val keep_valid : ?refresh_every:Time_float_unix.Span.t -> ?on_error:[ `Ignore | `Raise | `Call of Core.Error.t -> unit ] -> ?keytab:Keytab.Path.t -> ?server_cred_cache:t -> ?abort:unit Async.Deferred.t -> t -> unit Async.Deferred.Or_error.t

If this cred cache is expected to contain a TGT, keep that TGT valid. If it is an S4U2Self cache, keep the expected ticket valid.

A keytab should only be provided for TGT caches. It defaults to the User keytab if none is provided.

A server_cred_cache should only be provided if t is an S4U2Self cache. The default cred cache is used if none is provided.
