#include <roken.h>
#ifdef AFS_PTHREAD_ENV
# include <opr/softsig.h>
-# include <afs/procmgmt_softsig.h> /* must come after softsig.h */
#endif
#ifdef AFS_NT40_ENV
OPT_trace,
OPT_dotted,
OPT_restricted_query,
- OPT_transarc_logs
+ OPT_transarc_logs,
+ OPT_s2s_crypt
};
int
afs_uint32 host = ntohl(INADDR_ANY);
struct cmd_syndesc *opts;
struct logOptions logopts;
+ int s2s_rxgk = 0;
char *vl_dbaseName;
char *configDir;
char *auditFileName = NULL;
char *interface = NULL;
char *optstring = NULL;
+ char *s2s_crypt_behavior = NULL;
char *restricted_query_parameter = NULL;
/* rx options */
cmd_AddParmAtOffset(opts, OPT_peer, "-enable_peer_stats", CMD_FLAG,
- CMD_OPTIONAL, "enable RX transport statistics");
+ CMD_OPTIONAL, "enable RX RPC statistics by peer");
cmd_AddParmAtOffset(opts, OPT_process, "-enable_process_stats", CMD_FLAG,
CMD_OPTIONAL, "enable RX RPC statistics");
cmd_AddParmAtOffset(opts, OPT_nojumbo, "-nojumbo", CMD_FLAG,
CMD_FLAG, CMD_OPTIONAL,
"permit Kerberos 5 principals with dots");
+ /* rxgk options */
+ cmd_AddParmAtOffset(opts, OPT_s2s_crypt, "-s2scrypt", CMD_SINGLE,
+ CMD_OPTIONAL,
+ "rxgk-crypt | never");
+
code = cmd_Parse(argc, argv, &opts);
if (code == CMD_HELP) {
exit(0);
free(restricted_query_parameter);
}
+ /* rxgk options */
+ if (cmd_OptionAsString(opts, OPT_s2s_crypt, &s2s_crypt_behavior) == 0) {
+ if (strcmp(s2s_crypt_behavior, "never") == 0) {
+ /* noop; this is the default */
+ } else if (strcmp(s2s_crypt_behavior, "rxgk-crypt") == 0) {
+ s2s_rxgk = 1;
+ } else {
+ printf("Invalid argument for -s2scrypt: %s\n", s2s_crypt_behavior);
+ return -1;
+ }
+ free(s2s_crypt_behavior);
+ s2s_crypt_behavior = NULL;
+ }
+
if (auditFileName) {
osi_audit_file(auditFileName);
}
rx_SetRxDeadTime(50);
ubik_nBuffers = 512;
- ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
+ if (s2s_rxgk) {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuthRXGKCrypt,
+ afsconf_UpToDate, tdir);
+ } else {
+ ubik_SetClientSecurityProcs(afsconf_ClientAuth, afsconf_UpToDate, tdir);
+ }
ubik_SetServerSecurityProcs(afsconf_BuildServerSecurityObjects,
afsconf_CheckAuth, tdir);
rx_SetMaxProcs(tservice, 4);
LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
- if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+ if (afsconf_CountKeys(tdir) == 0) {
+ VLog(0, ("WARNING: No encryption keys found! "
+ "All authenticated accesses will fail."
+ "Run akeyconvert or asetkey to import encryption keys.\n"));
+ } else if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
LogDesWarning();
}
VLog(0, ("%s\n", cml_version_number));