module type PROFILE = sig .. end

val mechanism_name : string
The GS2 version of the mechanism name (without the "-PLUS" suffix).

val announce_channel_binding : bool
Whether to announce the availability of channel binding by adding "-PLUS" to the mechanism name, and by offering channel bindings in the initial token.

val mechanism_oid : Netsys_gssapi.oid
The OID of the mechanism to use.

val client_additional_params : string list
Additional parameters understood by create_client_session.

val server_additional_params : string list
Additional parameters understood by create_server_session.

val client_map_user_name : params:(string * string) list -> string -> string * Netsys_gssapi.oid
For clients: maps user names to a pair (name_string,name_type) that can be used in the GSSAPI for acquiring a name. If the name_type is the empty array, no target name is passed to the GSSAPI. The params are from the create_client_session call.

val server_map_user_name : params:(string * string) list -> string * Netsys_gssapi.oid -> string
For servers: maps a pair (name_string,name_type) coming from the GSSAPI to a user name. The params are from the create_server_session call. The function may raise Not_found, in which case the authentication will fail.

val client_get_target_name : params:(string * string) list -> string * Netsys_gssapi.oid
For clients: get the GSSAPI name of the target to contact as a (name_string,name_type) pair. If the name_type is the empty array, no target name is passed to the GSSAPI. The params are from the create_client_session call.

val server_bind_target_name : params:(string * string) list -> (string * Netsys_gssapi.oid) option
For servers: optionally bind the GSSAPI name of the server. The params are from the create_server_session call.

val server_check_target_name : params:(string * string) list -> string * Netsys_gssapi.oid -> bool
For servers: check whether the GSSAPI name the client sent is the right one. This is a more flexible alternative to server_bind_target_name: instead of binding to a single name, the client may send any target name, and the server then checks whether this name is acceptable. The params are from the create_server_session call.

val client_flags : params:(string * string) list -> (Netsys_gssapi.req_flag * bool) list
Flags for init_sec_context. The bool says whether the flag is required (otherwise the feature is only offered). `Mutual_flag is always required.

val server_flags : params:(string * string) list -> Netsys_gssapi.req_flag list
Required flags for accept_sec_context. `Mutual_flag is always required.

val client_credential : exn option
If set, the client will use a certain credential (and not acquire one). This is intended for passing in delegated credentials (well, not really elegant). This needs to be set to the Credential exception of the GSSAPI provider.
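
One way to write server_map_user_name and server_check_target_name so that anything unexpected is rejected, for a Kerberos 5 deployment. This is an added example, not code from Ocamlnet. It assumes that name_string arrives as "user@REALM" or "service@host", and the parameter names "realm", "service" and "fqdn" are hypothetical (they would have to be listed in server_additional_params).

```ocaml
(* Added example, not Ocamlnet code. The parameter names "realm", "service"
   and "fqdn" are hypothetical, and name_string is assumed to have the form
   "user@REALM" (principal) or "service@host" (target). *)

(* Name-type OIDs from RFC 1964 and RFC 2743, written as int arrays,
   which is how Netsys_gssapi.oid represents an OID. *)
let nt_krb5_principal_name = [| 1; 2; 840; 113554; 1; 2; 2; 1 |]
let nt_hostbased_service = [| 1; 2; 840; 113554; 1; 2; 1; 4 |]

(* A missing parameter raises Not_found, so a misconfigured server rejects. *)
let param params name = List.assoc name params

(* Split "left@right" at its only '@'; anything else is rejected. *)
let split_at_sign s =
  match String.split_on_char '@' s with
  | [ l; r ] when l <> "" && r <> "" -> (l, r)
  | _ -> raise Not_found

let server_map_user_name ~params (name_string, name_type) =
  if name_type <> nt_krb5_principal_name then raise Not_found;
  let user, realm = split_at_sign name_string in
  (* Refuse principals with an instance component such as "alice/admin". *)
  if String.contains user '/' then raise Not_found;
  (* The realm must match exactly; a foreign realm is not a local user. *)
  if realm <> param params "realm" then raise Not_found;
  user

let server_check_target_name ~params (name_string, name_type) =
  try
    name_type = nt_hostbased_service
    && (let service, host = split_at_sign name_string in
        service = param params "service"
        && String.lowercase_ascii host
           = String.lowercase_ascii (param params "fqdn"))
  with Not_found -> false

(* Constructed sample input, checked with assertions. *)
let () =
  let params =
    [ "realm", "EXAMPLE.ORG"; "service", "imap"; "fqdn", "mail.example.org" ] in
  let map n = server_map_user_name ~params (n, nt_krb5_principal_name) in
  let rejected n = try ignore (map n); false with Not_found -> true in
  assert (map "alice@EXAMPLE.ORG" = "alice");
  assert (rejected "alice@OTHER.ORG" && rejected "alice/admin@EXAMPLE.ORG");
  assert (rejected "alice" && rejected "a@b@EXAMPLE.ORG");
  let check n = server_check_target_name ~params n in
  assert (check ("imap@MAIL.example.org", nt_hostbased_service));
  assert (not (check ("smtp@mail.example.org", nt_hostbased_service)));
  assert (not (check ("imap@mail.example.org", [||])))
```

Raising Not_found from server_map_user_name fails the authentication, as described above, so every branch that does not positively recognise the name ends there.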