package krb


A keytab (key table) is a file containing pairs of Kerberos principals and encryption keys. You can use a keytab file to do Kerberos authentication without having to enter a password (the key is derived from your password). Keytabs are generally used for two reasons:

  1. Kerberized servers *SHOULD* have a keytab so they can accept encrypted data from clients, unless they are running as human users.
  2. Kerberized clients *MAY* use a keytab to obtain initial credentials (a TGT). This might be useful for a long-running application, so you don't need to type in a password to refresh credentials.

For a more complete explanation, see the MIT krb5 documentation: http://web.mit.edu/kerberos/krb5-latest/doc/basic/keytab_def.html

module Path : sig ... end
val validate : t -> Principal.t -> unit Async.Deferred.Or_error.t

Ensure the keytab can be loaded successfully and contains an entry for the given principal. This does not verify whether the keytab is up to date, since it only performs offline checks.

val validate_path : Path.t -> Principal.Name.t -> unit Async.Deferred.Or_error.t

Like validate, but takes a path and a principal name.

val remove_spn : t -> Principal.Name.t -> unit Async.Deferred.Or_error.t
val add_entry : t -> password:string -> enctype:Krb_internal_public.Std.Enctype.t -> kvno:int -> principal:Principal.t -> unit Async.Deferred.Or_error.t
val add_new_entry_for_all_principals : ?kvno:int -> t -> password:string -> unit Async.Deferred.Or_error.t

For each principal and enctype in the keytab, add a fresh key generated from the provided password.

  • There must not be principals with conflicting keys with the latest kvno.
  • If no kvno is provided, uses a value one greater than the latest kvno found in the keytab.
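
The offline check described for validate and the default kvno rule above, shown against the on-disk format as an added example (not part of the krb library, and written in Python so it reads the file directly instead of calling the OCaml API). It assumes keytab file format version 0x0502; the function names and the sample bytes are constructed for illustration.

```python
import struct

def _counted(buf, off):  # uint16 length-prefixed string -> (text, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    if off + 2 + n > len(buf):
        raise ValueError("string runs past end of entry")
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Parse keytab format 0x0502 into (principal, kvno, enctype) tuples."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative length marks a deleted slot
            pos -= size
            continue
        rec, pos = data[pos:pos + size], pos + size
        if len(rec) != size:
            raise ValueError("truncated entry")
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        names, off = [], 2
        for _ in range(ncomp + 1):    # realm first, then the name components
            text, off = _counted(rec, off)
            names.append(text)
        _name_type, _timestamp, kvno, enctype, klen = struct.unpack_from(">IIBHH", rec, off)
        off += 13 + klen              # skip the fixed fields and the key bytes
        if len(rec) - off >= 4:       # optional 32-bit kvno wins when nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, enctype))
    return entries

def has_entry(data, principal):
    """Offline check: the file parses and holds a key for `principal`."""
    try:
        return any(p == principal for p, _, _ in parse_keytab(data))
    except (ValueError, struct.error):
        return False

def next_kvno(data):  # one greater than the highest kvno in the keytab
    return max(k for _, k, _ in parse_keytab(data)) + 1

# Constructed sample: one principal with keys at kvno 2 and 3 (all-zero keys).
_NAME = b"\x00\x02\x00\x0bEXAMPLE.COM\x00\x04host\x00\x10app1.example.com"
def sample_entry(kvno):  # enctype 17, 16-byte zero key ("16x"), trailing kvno
    body = _NAME + struct.pack(">IIBHH16xI", 1, 0, kvno, 17, 16, kvno)
    return struct.pack(">i", len(body)) + body
SAMPLE = b"\x05\x02" + sample_entry(2) + sample_entry(3)
```

A check like this only confirms that a key for the principal is present in the file; it cannot tell whether that key still matches what the KDC holds.
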
module Stable : sig ... end