<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <!--Converted with LaTeX2HTML 2008 (1.71) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others --> <HTML> <HEAD> <TITLE>Authentication Negotiation</TITLE> <META NAME="description" CONTENT="Authentication Negotiation"> <META NAME="keywords" CONTENT="developers"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <META NAME="Generator" CONTENT="LaTeX2HTML v2008"> <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css"> <LINK REL="STYLESHEET" HREF="developers.css"> <LINK REL="previous" HREF="Bnet_API_Changes.html"> <LINK REL="up" HREF="TLS.html"> <LINK REL="next" HREF="Bacula_Regression_Testing.html"> </HEAD> <BODY > <!--Navigation Panel--> <A NAME="tex2html1418" HREF="Bacula_Regression_Testing.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> <A NAME="tex2html1412" HREF="TLS.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> <A NAME="tex2html1408" HREF="Bnet_API_Changes.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> <A NAME="tex2html1414" HREF="Contents.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A> <A NAME="tex2html1416" HREF="GNU_Free_Documentation_Lice.html"> <IMG WIDTH="43" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="index" SRC="index.png"></A> <BR> <B> Next:</B> <A NAME="tex2html1419" HREF="Bacula_Regression_Testing.html">Bacula Regression Testing</A> <B> Up:</B> <A NAME="tex2html1413" HREF="TLS.html">TLS</A> <B> Previous:</B> <A NAME="tex2html1409" HREF="Bnet_API_Changes.html">Bnet API Changes</A> <B> <A NAME="tex2html1415" HREF="Contents.html">Contents</A></B> <B> <A NAME="tex2html1417" HREF="GNU_Free_Documentation_Lice.html">Index</A></B> <BR> <BR> <!--End of Navigation Panel--> <H1><A NAME="SECTION001450000000000000000"></A> <A NAME="4880"></A> <A NAME="4881"></A> <BR> Authentication Negotiation </H1> <P> Backwards compatibility with the existing SSL negotiation hooks implemented in src/lib/cram-md5.c have been maintained. The <I>cram_md5_get_auth()</I> function has been modified to accept an integer pointer argument, tls_remote_need. The TLS requirement advertised by the remote host is returned via this pointer. <P> After exchanging cram-md5 authentication and TLS requirements, both the client and server independently decide whether to continue: <P> <PRE> if (!cram_md5_get_auth(dir, password, &tls_remote_need) || !cram_md5_auth(dir, password, tls_local_need)) { [snip] /* Verify that the remote host is willing to meet our TLS requirements */ if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) { sendit(_("Authorization problem:" " Remote server did not advertise required TLS support.\n")); auth_success = false; goto auth_done; } /* Verify that we are willing to meet the remote host's requirements */ if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) { sendit(_("Authorization problem:" " Remote server requires TLS.\n")); auth_success = false; goto auth_done; } </PRE> <P> <BR><HR> <ADDRESS> 2010-06-14 </ADDRESS> </BODY> </HTML>