GSS-API for RPC authentication
What to return as user name:

`Exported_name
: the exported name in binary format (as described in RFC 2078, section 3.2). This format can only be read back by the gss_api object generating the name.

`Prefixed_name
: the display name in a text format "{<oid>}<namestring>".

`Plain_name
: the string part of the display name

Creates an authentication method from a GSS-API interface. The OID selects the desired authentication method.
Options:

require_privacy
: Whether the messages must be encrypted. If not enabled, the server also accepts non-encrypted messages that are authenticated via GSS-API.

require_integrity
: Whether integrity checksums must be included. If not enabled, the server also accepts non-signed messages that are authenticated via GSS-API.

shared_context
: Whether this method maintains only one security context for all connections. By default, each connection has a security context of its own. For UDP, this option needs to be set, because each UDP request is considered as creating a new connection.

acceptor_cred
: Overrides the credentials of the server. By default, it is left to gss_api which credential is assumed.

user_name_format
: Defaults to `Prefixed_name.

seq_number_window
: If set, the server checks for replayed requests. The integer is the length of the check window (see RFC 2203 section 5.3.3.1). If omitted, no such checks are performed (the default).

Creates an authentication method from a GSS-API interface. The OID selects the desired authentication method.
Options:

privacy
: Selects whether messages are encrypted. If `Required, the authentication method fails if the GSS-API does not support encryption, and it enables encryption if GSS-API supports it. If `If_possible, encryption is enabled if GSS-API supports it (the default). If `None, the messages are not encrypted.

integrity
: Selects whether messages are signed. If `Required, the authentication method fails if the GSS-API does not support integrity protection, and it enables this feature if GSS-API supports it. If `If_possible, integrity protection is enabled if GSS-API supports it (the default). If `None, the messages are not signed.

user_name_format
: Defaults to `Prefixed_name.
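
The replay check that seq_number_window switches on can be pictured as a sliding window over request sequence numbers, in the style of RFC 2203 section 5.3.3.1. The following OCaml code is an added example, not Ocamlnet's own code: the type and function names (verdict, window, create, check) are hypothetical, and the arrival order at the end is constructed.

```ocaml
(* Added example, not Ocamlnet code: sliding-window replay check in the
   style of RFC 2203 section 5.3.3.1. All names here are hypothetical. *)
type verdict = Accept | Drop_replayed | Drop_below_window

type window = {
  size : int;             (* plays the role of seq_number_window *)
  mutable highest : int;  (* highest number accepted so far, -1 = none *)
  seen : bool array;      (* slot (s mod size) records number s *)
}

let create size =
  if size <= 0 then invalid_arg "window size must be positive";
  { size; highest = -1; seen = Array.make size false }

(* Decide whether the request carrying sequence number [s] is processed. *)
let check w s =
  if s < 0 then invalid_arg "negative sequence number";
  if s > w.highest then begin
    (* The window moves forward; clear the slots of the numbers that newly
       enter it, since they still hold state of older numbers. *)
    for k = max (w.highest + 1) (s - w.size + 1) to s do
      w.seen.(k mod w.size) <- false
    done;
    w.seen.(s mod w.size) <- true;
    w.highest <- s;
    Accept
  end
  else if s <= w.highest - w.size then Drop_below_window
  else if w.seen.(s mod w.size) then Drop_replayed
  else begin
    w.seen.(s mod w.size) <- true;  (* late but unseen: reordering is fine *)
    Accept
  end

let () =
  let w = create 4 in
  (* Constructed arrival order with reordering and replays. *)
  List.iter
    (fun s ->
      let v = match check w s with
        | Accept -> "accept"
        | Drop_replayed -> "drop (replayed)"
        | Drop_below_window -> "drop (below window)" in
      Printf.printf "seq %d: %s\n" s v)
    [1; 2; 2; 5; 3; 1; 5; 9; 5]
```

A larger window tolerates more reordering at the cost of one slot of state per sequence number; a request older than the window is dropped even if it was never seen.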