OPT_rxbind,
OPT_rxmaxmtu,
OPT_dotted,
- OPT_transarc_logs
+ OPT_transarc_logs,
+ OPT_s2s_crypt
};
int
afs_uint32 host = htonl(INADDR_ANY);
struct cmd_syndesc *opts;
struct cmd_item *list;
+ int s2s_rxgk = 0;
char *pr_dbaseName;
char *configDir;
char *auditFileName = NULL;
char *interface = NULL;
+ char *s2s_crypt_behavior = NULL;
#ifdef AFS_AIX32_ENV
/*
CMD_FLAG, CMD_OPTIONAL,
"permit Kerberos 5 principals with dots");
+ /* rxgk options */
+ cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt", CMD_SINGLE,
+ CMD_OPTIONAL,
+ "rxgk-crypt | never");
+
code = cmd_Parse(argc, argv, &opts);
if (code == CMD_HELP) {
PT_EXIT(0);
/* rxkad options */
cmd_OptionAsFlag(opts, OPT_dotted, &rxkadDisableDotCheck);
+ /* rxgk options */
+ if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+ if (strcmp(s2s_crypt_behavior, "never") == 0) {
+ /* noop; this is the default */
+ } else if (strcmp(s2s_crypt_behavior, "rxgk-crypt") == 0) {
+ s2s_rxgk = 1;
+ } else {
+ fprintf(stderr, "Invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+ PT_EXIT(1);
+ }
+ free(s2s_crypt_behavior);
+ s2s_crypt_behavior = NULL;
+ }
+
cmd_FreeOptions(&opts);
if (auditFileName) {
osi_audit_set_user_check(prdir, pr_IsLocalRealmMatch);
/* initialize ubik */
- ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, prdir);
+ if (s2s_rxgk) {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuthRXGKCrypt,
+ afsconf_UpToDate, prdir);
+ } else {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate,
+ prdir);
+ }
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, prdir);
rx_SetMinProcs(tservice, 2);
rx_SetMaxProcs(tservice, lwps);
if (rxkadDisableDotCheck) {
- rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
- (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ code = rx_SetSecurityConfiguration(tservice, RXS_CONFIG_FLAGS,
+ (void *)RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+ if (code) {
+ afs_com_err(whoami, code, "Failed to allow dotted principals");
+ PT_EXIT(3);
+ }
}
tservice =