git.decadent.org.uk Git - nfs-utils.git/commit

author	Kevin Coffman <kwc@citi.umich.edu>
	Wed, 6 Apr 2011 15:25:03 +0000 (11:25 -0400)
committer	Steve Dickson <steved@redhat.com>
	Wed, 6 Apr 2011 15:30:02 +0000 (11:30 -0400)
commit	d6c1b35c6b40243bfd6fba2591c9f8f2653078c0
tree	247e6c2bb3a0c99003c7c006ca15cc28b3a3ffe2	tree \| snapshot
parent	73840ef610accf4cf667427bc64805377c0d8394	commit \| diff

nfs-utils: Add support to svcgssd to limit the negotiated enctypes

Recent versions of Kerberos libraries negotiate and use
an "acceptor subkey".  This negotiation does not consider
that a service may have limited the encryption keys in its
keytab.  A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603)
has been added to the MIT Kerberos code to allow an application
to indicate that it wants to limit the encryption types negotiated.
(This functionality has been available on the client/initiator
side for a while.  The new patch adds this support to the
server/acceptor side.)

This patch adds support to read a recently added nfsd
proc file to determine the encryption types supported by
the kernel and calls the function to limit encryption
types negotiated for the acceptor subkey.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>

utils/gssd/Makefile.am		diff \| blob \| history
utils/gssd/gss_util.c		diff \| blob \| history
utils/gssd/svcgssd.c		diff \| blob \| history
utils/gssd/svcgssd_krb5.c	[new file with mode: 0644]	blob
utils/gssd/svcgssd_krb5.h	[new file with mode: 0644]	blob
utils/gssd/svcgssd_proc.c		diff \| blob \| history