Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 4a2736e

Browse files
simo5DirectXMan12
authored andcommitted
Add documentation for cred store common values
Signed-off-by: Simo Sorce <simo@redhat.com>
1 parent 0eeeee5 commit 4a2736e

File tree

6 files changed

+92
-3
lines changed

6 files changed

+92
-3
lines changed

‎docs-requirements.txt

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
11
Sphinx >= 1.3.1
22
sphinx-rtd-theme >= 0.2.5b1
3-
sphinxcontrib-napoleon >= 0.2.8
43
recommonmark >= 0.4.0

‎docs/source/conf.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@
3030

3131
# Add any Sphinx extension module names here, as strings. They can be extensions
3232
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
33-
extensions = ['sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'sphinx.ext.ifconfig', 'sphinx.ext.viewcode', "sphinxcontrib.napoleon", 'gssapi_find_missing', 'requires_rfc']
33+
extensions = ['sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage', 'sphinx.ext.ifconfig', 'sphinx.ext.viewcode', "sphinx.ext.napoleon", 'gssapi_find_missing', 'requires_rfc']
3434

3535
# Add any paths that contain templates here, relative to this directory.
3636
templates_path = ['_templates']

‎docs/source/credstore.rst

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
Common Values for Credentials Store Extensions
2+
==============================================
3+
4+
The credentials store extension is an extension introduced by the MIT krb5
5+
library implementation of GSSAPI. It allows for finer control of creedntials
6+
from within a GSSAPI application.
7+
Each mechanism can define keywords to manipulate various aspects of their
8+
credentials for storage or retrieval operations.
9+
10+
.. note:
11+
12+
Only mechanisms that implement keywords can use them, some mechanism may
13+
share the same or similar keywords, but their meaning is always local to
14+
a specific mechanism.
15+
16+
The krb5 mechanism in MIT libraries
17+
-----------------------------------
18+
19+
The krb5 mechanism as implemented by MIT libraries supports the credentials
20+
store extension with a number of keywords.
21+
22+
client_keytab
23+
"""""""""""""
24+
25+
The `client_keytab` keyword can be used in a credential store when it is used
26+
with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
27+
:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, to indicate a
28+
custom location for a keytab containing client keys.
29+
It is not used in the context of calls used to store credentials.
30+
The value is a string in the form **type:residual** where **type** can be any
31+
keytab storage type understood by the implementation and **residual** is the
32+
keytab identifier (usually something like a path). If the string is just a path
33+
then the type is defaulted to `FILE`.
34+
35+
keytab
36+
""""""
37+
38+
The `keytab` keyword can be used in a credential store when it is used with
39+
the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
40+
:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, to indicate a
41+
custom location for a keytab containing service keys.
42+
It is not used in the context of calls used to store credentials.
43+
The value is a string in the form **type:residual** where **type** can be any
44+
keytab storage type understood by the implementation and **residual** is the
45+
keytab identifier (usually something like a path). If the string is just a path
46+
then the type is defaulted to `FILE`.
47+
48+
ccache
49+
""""""
50+
51+
The `ccache` keyword can be used to reference a specific credential storage.
52+
It can be used both to indicate the source of existing credentials for the
53+
:func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
54+
:func:`gssapi.raw.ext_cred_store.add_cred_from` functions, as well as the
55+
destination storage for the :func:`gssapi.raw.ext_cred_store.store_cred_into`
56+
function.
57+
The value is a string in the form **type:residual** where type can be any
58+
credential cache storage type understood by the implementation and
59+
**residual** is the ccache identifier. If the string is just a path then
60+
the type is defaulted to `FILE`. Other commonly used types are `DIR`,
61+
`KEYRING`, `KCM`. Each type has a different format for the **residual**;
62+
refer to the MIT krb5 documentation for more details.
63+
64+
rcache
65+
""""""
66+
67+
The `rcache` keyword can be used to reference a custom replay cache storage.
68+
It is used only with the :func:`gssapi.raw.ext_cred_store.acquire_cred_from` /
69+
:func:`gssapi.raw.ext_cred_store.add_cred_from` functions for credentials used
70+
to accept context establishments, not to initiate contexts.
71+
The value is a string in the form **type:residual** where type can be any
72+
replay cache storage type understood by the implementation and **residual** is
73+
the cache identifier (usually something like a path). If the string is just a
74+
path then the type is defaulted to `FILE`.
75+

‎docs/source/index.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ straight into the :doc:`high-level API documentation <gssapi>`.
2828

2929
gssapi.rst
3030
gssapi.raw.rst
31+
otherdoc.rst
3132
tutorials.rst
3233

3334

‎docs/source/otherdoc.rst

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
Other Documentation
2+
===================
3+
4+
This section contain documentation that is not expressed directly in functions
5+
documentation, like implementation specific quirks or issues, implementation
6+
tips, environment influence on operations and similar.
7+
8+
.. toctree::
9+
:maxdepth: 1
10+
11+
credstore.rst

‎gssapi/raw/ext_cred_store.pyx

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -109,7 +109,8 @@ usage='both')
109109
110110
Args:
111111
store (dict): the credential store information pointing to the
112-
credential store from which to acquire the credentials
112+
credential store from which to acquire the credentials.
113+
See :doc:`credstore` for valid values
113114
name (Name): the name associated with the credentials,
114115
or None for the default name
115116
lifetime (int): the desired lifetime of the credentials, or None
@@ -204,6 +205,7 @@ init_lifetime=None, accept_lifetime=None)
204205
Args:
205206
store (dict): the store into which to store the credentials,
206207
or None for the default store.
208+
See :doc:`credstore` for valid values
207209
name (Name): the name associated with the credentials
208210
mech (OID): the desired mechanism to be used with these
209211
credentials
@@ -295,6 +297,7 @@ set_default=False)
295297
Args:
296298
store (dict): the store into which to store the credentials,
297299
or None for the default store.
300+
See :doc:`credstore` for valid values
298301
creds (Creds): the credentials to store
299302
usage (str): the usage to store the credentials with -- either
300303
'both', 'initiate', or 'accept'

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /