module Pfs_auth:sig
..end
typelevel =
[ `Authenticated | `Integrity | `None | `Privacy ]
`None
: No protection (unauthenticated access)`Authenticated
: The user needs to log in, but the messages
are unprotected otherwise`Integrity
: The user needs to log in, and additionally
the messages are integrity-protected (signed). This is the
recommended minimum level.`Privacy
: The user needs to log in, and additionally
the messages are encypted (this includes integrity-protection).type
access = {
|
min_level : |
(* | The minimum level of protection for incoming connections | *) |
|
users : |
(* | The users with passwords. Incoming connections can log in
as any of these users. The passwords are sometimes also
used for outgoing connections to other servers.
The tuple is:
| *) |
val string_of_level : level -> string
val level_of_string : string -> level
val extract_access_config : Netplex_types.config_file -> Netplex_types.address -> access
access {
min_level = "auth"; (* or "int", or "priv" *)
user { name = "name"; password = "pw" };
(* more users possible *)
}
If this section is missing, a level of `None
is assumed.
It is possible to use password_file
instead of password
to
read the password from the first line of a given file (relative
to the config file).
val privileged_user : string
val bottom_user : string
val configure_rpc_server : Rpc_server.t -> access -> unit
For many services, the user "proot" is required at minimum (if access control is enabled). This is already checked by the configured authentication method.
The procedure 0 is handled specially here and never requires
authentication.
type
client_auth = {
|
level : |
(* | The level actually used | *) |
|
proot_pw : |
(* | The password of "proot" | *) |
|
pnobody_pw : |
(* | The password of "pnobody" | *) |
val extract_client_config : Netplex_types.config_file -> Netplex_types.address -> client_auth
access {
client_level = "auth"; (* or "int", or "priv" *)
user { name = "proot"; password = "pw" };
(* Optionally also a record for "pnobody" possible *)
}
If this section is missing, a level of `None
is assumed.
val rpc_proxy_auth_methods : client_auth -> bool -> Rpc_client.auth_method list
mclient_auth_methods
field.
The bool says whether the access is privileged ("proot" is used
instead of "pnobody").