LICENSE IPL10
FIXES 124681
add -encrypt flag to pts generic options, allowing the wire to be
encrypted if desired and the user's authenticated. document same.
(cherry picked from commit
6ba44802ea6cf722c22a4784cbbad70ed6f5d60a)
and refuses to perform such an action even if the B<-noauth> flag is
provided.
+=item B<-encrypt>
+
+Establishes an authenticated, encrypted connection to the Protection Server.
+It is useful when it is desired to obscure network traffic related to the
+transactions being done.
+
=item B<-localauth>
Constructs a server ticket using the server encryption key with the
changed = 1;
sec = 1;
}
+ if (as->parms[22].items) { /* -encrypt */
+ changed = 1;
+ sec = 3;
+ }
if (as->parms[18].items || as->parms[20].items) { /* -test, -localauth */
changed = 1;
confdir = AFSDIR_SERVER_ETC_DIRPATH;
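Review bot: The new `-encrypt` block assigns `sec = 3` unconditionally after the earlier block that sets `sec = 1`, so when it is combined with another authentication flag the result depends only on statement order and the user is told nothing. The block directly below still switches `confdir` for `-localauth`, so `-encrypt -localauth` appears to mix the two modes; the option-handling function starts and ends outside this hunk, so the interaction with `-noauth` needs confirming there. Consider rejecting contradictory combinations explicitly, or at least stating the precedence in a comment such as `/* -encrypt overrides -auth; sec 3 = authenticated and encrypted */`. The literal index `22` must also stay in step with the order of the `cmd_AddParm` calls (the `-encrypt` registration is added in a later hunk), which deserves a comment at both places.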
"use local authentication");
cmd_AddParm(ts, "-auth", CMD_FLAG, CMD_OPTIONAL,
"use user's authentication (default)");
+ cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
+ "encrypt commands");
}
/*
code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
if (code) {
afs_com_err(whoami, code, "(getting token)");
+ if (secLevel > 1)
+ return code;
scIndex = 0;
} else {
if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
scIndex = 2;
}
sc[2] =
- rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
+ rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
+ rxkad_clear, &ttoken.sessionKey,
ttoken.kvno, ttoken.ticketLen,
ttoken.ticket);
}
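Review bot: The fail-closed check added after `ktc_GetToken` covers only that one failure: the result of `rxkad_NewClientSecurityObject` stored in `sc[2]` is not checked in the visible lines, and any later fallback to `scIndex = 0` would let a `-encrypt` request continue over an unauthenticated, cleartext connection. The function begins and ends outside the hunk, so this needs confirming against the full body; any such path should return an error when encryption was requested rather than downgrade silently. The new early `return code;` also bypasses whatever cleanup follows, so it is worth checking that nothing acquired earlier in the function is left unreleased. The bare test `secLevel > 1` appears twice and would also match a level of 2, which the visible hunks never assign; a named constant or a comment such as `/* secLevel 3: -encrypt, require rxkad_crypt */` would state the intent exactly.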