and refuses to perform such an action even if the B<-noauth> flag is
provided.
+=item B<-encrypt>
+
+Establishes an authenticated, encrypted connection to the Protection Server.
+It is useful when it is desired to obscure network traffic related to the
+transactions being done.
+
=item B<-localauth>
Constructs a server ticket using the server encryption key with the
changed = 1;
sec = 1;
}
+ if (as->parms[22].items) { /* -encrypt */
+ changed = 1;
+ sec = 3;
+ }
if (as->parms[18].items || as->parms[20].items) { /* -test, -localauth */
changed = 1;
confdir = AFSDIR_SERVER_ETC_DIRPATH;
"use local authentication");
cmd_AddParm(ts, "-auth", CMD_FLAG, CMD_OPTIONAL,
"use user's authentication (default)");
+ cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL,
+ "encrypt commands");
}
/*
code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
if (code) {
afs_com_err(whoami, code, "(getting token)");
+ if (secLevel > 1)
+ return code;
scIndex = 0;
} else {
if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
scIndex = 2;
}
sc[2] =
- rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
+ rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
+ rxkad_clear, &ttoken.sessionKey,
ttoken.kvno, ttoken.ticketLen,
ttoken.ticket);
}