package krb

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type
val check_valid : ?valid_for_at_least:Time_unix.Span.t -> cred_cache:Krb_internal_public.Std.Cred_cache.t -> Principal.Name.t -> unit Async.Deferred.Or_error.t

Check cred_cache for a tgt that will still be valid after valid_for_at_least.

val ensure_valid : ?valid_for_at_least:Time_unix.Span.t -> ?keytab:Keytab.Path.t -> cred_cache:Krb_internal_public.Std.Cred_cache.t -> Principal.Name.t -> unit Async.Deferred.Or_error.t

Try to initialize cred_cache with a tgt for principal if a valid one does not exist. Attempt to acquire a new TGT in the following ways:

  • Move a valid TGT from the default cred cache (if different from cred_cache)
  • Get a new TGT using keytab (if supplied)
  • Renew an existing TGT in cred_cache

Create a new, empty credential cache and use keytab and principal to get and store a tgt into the cache.

Creating a new cred cache of types FILE or DIR leaks files on disk. The finalizer for Cred_cache.t closes the file and frees the memory associated with it, but the file doesn't get removed from disk.

module Cross_realm : sig ... end
val keep_valid_indefinitely : ?refresh_every:Time_unix.Span.t -> ?on_error:[ `Ignore | `Raise | `Call of Core.Error.t -> unit ] -> ?keytab:Keytab.Path.t -> ?abort:unit Async.Deferred.t -> cred_cache:Cred_cache.t -> Principal.Name.t -> unit Async.Deferred.Or_error.t

Ensure an initial tgt. Upon success an ensure_tgt_valid job is scheduled to run every refresh_every. If one of these background jobs fails, the on_error of the first caller determines how to handle the error.

OCaml

Innovation. Community. Security.