<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Authentication Negotiation</TITLE>
<META NAME="description" CONTENT="Authentication Negotiation">
<META NAME="keywords" CONTENT="developers">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="developers.css">
<LINK REL="previous" HREF="Bnet_API_Changes.html">
<LINK REL="up" HREF="TLS.html">
<LINK REL="next" HREF="Bacula_Regression_Testing.html">
</HEAD>
<BODY >
<!--Navigation Panel-->
<A NAME="tex2html1418"
HREF="Bacula_Regression_Testing.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html1412"
HREF="TLS.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html1408"
HREF="Bnet_API_Changes.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html1414"
HREF="Contents.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<A NAME="tex2html1416"
HREF="GNU_Free_Documentation_Lice.html">
<IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html1419"
HREF="Bacula_Regression_Testing.html">Bacula Regression Testing</A>
<B> Up:</B> <A NAME="tex2html1413"
HREF="TLS.html">TLS</A>
<B> Previous:</B> <A NAME="tex2html1409"
HREF="Bnet_API_Changes.html">Bnet API Changes</A>
<B> <A NAME="tex2html1415"
HREF="Contents.html">Contents</A></B>
<B> <A NAME="tex2html1417"
HREF="GNU_Free_Documentation_Lice.html">Index</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<H1><A NAME="SECTION001450000000000000000"></A>
<A NAME="4880"></A>
<A NAME="4881"></A>
<BR>
Authentication Negotiation
</H1>
<P>
Backwards compatibility with the existing SSL negotiation hooks implemented
in src/lib/cram-md5.c have been maintained. The
<I>cram_md5_get_auth()</I> function has been modified to accept an
integer pointer argument, tls_remote_need. The TLS requirement
advertised by the remote host is returned via this pointer.
<P>
After exchanging cram-md5 authentication and TLS requirements, both the
client and server independently decide whether to continue:
<P>
<PRE>
if (!cram_md5_get_auth(dir, password, &tls_remote_need) ||
!cram_md5_auth(dir, password, tls_local_need)) {
[snip]
/* Verify that the remote host is willing to meet our TLS requirements */
if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK &&
tls_remote_need != BNET_TLS_OK) {
sendit(_("Authorization problem:"
" Remote server did not advertise required TLS support.\n"));
auth_success = false;
goto auth_done;
}
/* Verify that we are willing to meet the remote host's requirements */
if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK &&
tls_remote_need != BNET_TLS_OK) {
sendit(_("Authorization problem:"
" Remote server requires TLS.\n"));
auth_success = false;
goto auth_done;
}
</PRE>
<P>
<BR><HR>
<ADDRESS>
2012-01-24
</ADDRESS>
</BODY>
</HTML>
