git.openafs.org Git - openafs.git/commit

author	Nathaniel Wesley Filardo <nwfilardo@gmail.com>
	Fri, 1 Aug 2014 06:48:21 +0000 (02:48 -0400)
committer	Benjamin Kaduk <kaduk@mit.edu>
	Tue, 17 May 2016 03:52:40 +0000 (23:52 -0400)
commit	49106a54993a0c9c64b407f05deaabe8f64e742d
tree	d927e942a8738f7b146c7ae772144bc0ba81f9f6	tree \| snapshot
parent	4bd716223492aec23599a5ac01bce3cc47160bfd	commit \| diff

Use rxkad_crypt for inter-volser traffic, if asked

Add a -s2scrypt option to the volume server, with possible options:

  * never -- the existing behavior

  * always -- switch to using afsconf_ClientAuthSecure, which uses
    rxkad_crypt, for ForwardVolume calls.

  * inherit -- encrypt inter-server traffic if the causal client
    connection is encrypted.  This has the effect of "inheriting" the
    "-encrypt" flag given to "vos release", for example.

Thanks to Jeffrey Altman for pointers and to Andrew Deason for noting
the existence of rxkad_GetServerInfo.

[mmeffie@sinenomine.net fix assertion and style update.]

Change-Id: Ia295ba3f29a8494c8250a480fb26594468d2116a
Reviewed-on: https://gerrit.openafs.org/11349
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Thomas Keiser <tkeiser@gmail.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

doc/man-pages/pod8/fragments/volserver-options.pod		diff \| blob \| history
doc/man-pages/pod8/fragments/volserver-synopsis.pod		diff \| blob \| history
src/volser/volmain.c		diff \| blob \| history
src/volser/volprocs.c		diff \| blob \| history
src/volser/volser.p.h		diff \| blob \| history