--- loncom/LondConnection.pm 2004/01/06 09:35:22 1.23
+++ loncom/LondConnection.pm 2004/06/17 10:15:46 1.32
@@ -1,7 +1,7 @@
# This module defines and implements a class that represents
# a connection to a lond daemon.
#
-# $Id: LondConnection.pm,v 1.23 2004/01/06 09:35:22 foxr Exp $
+# $Id: LondConnection.pm,v 1.32 2004/06/17 10:15:46 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -36,7 +36,8 @@ use IO::File;
use Fcntl;
use POSIX;
use Crypt::IDEA;
-
+use LONCAPA::lonlocal;
+use LONCAPA::lonssl;
@@ -44,6 +45,8 @@ use Crypt::IDEA;
my $DebugLevel=0;
my %hostshash;
my %perlvar;
+my $LocalDns = ""; # Need not be defined for managers.
+my $InsecureOk;
#
# Set debugging level
@@ -61,9 +64,11 @@ sub SetDebug {
my $ConfigRead = 0;
# Read the configuration file for apache to get the perl
-# variable set.
+# variables set.
sub ReadConfig {
+ Debug(8, "ReadConfig called");
+
my $perlvarref = read_conf('loncapa.conf');
%perlvar = %{$perlvarref};
my $hoststab = read_hosts(
@@ -72,6 +77,18 @@ sub ReadConfig {
%hostshash = %{$hoststab};
$ConfigRead = 1;
+ my $myLonCapaName = $perlvar{lonHostID};
+ Debug(8, "My loncapa name is $myLonCapaName");
+
+ if(defined $hostshash{$myLonCapaName}) {
+ Debug(8, "My loncapa name is in hosthash");
+ my @ConfigLine = @{$hostshash{$myLonCapaName}};
+ $LocalDns = $ConfigLine[3];
+ Debug(8, "Got local name $LocalDns");
+ }
+ $InsecureOk = $perlvar{loncAllowInsecure};
+
+ Debug(3, "ReadConfig - LocalDNS = $LocalDns");
}
#
@@ -89,8 +106,8 @@ sub ReadConfig {
# to build up the hosts table.
#
sub ReadForeignConfig {
- my $MyHost = shift;
- my $Filename = shift;
+
+ my ($MyHost, $Filename) = @_;
&Debug(4, "ReadForeignConfig $MyHost $Filename\n");
@@ -100,18 +117,29 @@ sub ReadForeignConfig {
%hostshash = %{$hosttab};
if($DebugLevel > 3) {
foreach my $host (keys %hostshash) {
- print "host $host => $hostshash{$host}\n";
+ print STDERR "host $host => $hostshash{$host}\n";
}
}
$ConfigRead = 1;
+ my $myLonCapaName = $perlvar{lonHostID};
+
+ if(defined $hostshash{$myLonCapaName}) {
+ my @ConfigLine = @{$hostshash{$myLonCapaName}};
+ $LocalDns = $ConfigLine[3];
+ }
+ $InsecureOk = $perlvar{loncAllowInsecure};
+
+ Debug(3, "ReadForeignConfig - LocalDNS = $LocalDns");
+
}
sub Debug {
- my $level = shift;
- my $message = shift;
+
+ my ($level, $message) = @_;
+
if ($level < $DebugLevel) {
- print($message."\n");
+ print STDERR ($message."\n");
}
}
@@ -125,6 +153,12 @@ Dump the internal state of the object: F
sub Dump {
my $self = shift;
+ my $level = shift;
+
+ if ($level <= $DebugLevel) {
+ return;
+ }
+
my $key;
my $value;
print STDERR "Dumping LondConnectionObject:\n";
@@ -143,8 +177,9 @@ old state.
=cut
sub Transition {
- my $self = shift;
- my $newstate = shift;
+
+ my ($self, $newstate) = @_;
+
my $oldstate = $self->{State};
$self->{State} = $newstate;
$self->{TimeoutRemaining} = $self->{TimeoutValue};
@@ -174,9 +209,8 @@ host the remote lond is on. This host is
=cut
sub new {
- my $class = shift; # class name.
- my $Hostname = shift; # Name of host to connect to.
- my $Port = shift; # Port to connect
+
+ my ($class, $Hostname, $Port) = @_;
if (!$ConfigRead) {
ReadConfig();
@@ -199,20 +233,23 @@ sub new {
Debug(5, "Connecting to ".$DnsName);
# Now create the object...
my $self = { Host => $DnsName,
- LoncapaHim => $Hostname,
- Port => $Port,
- State => "Initialized",
- TransactionRequest => "",
- TransactionReply => "",
- InformReadable => 0,
- InformWritable => 0,
- TimeoutCallback => undef,
- TransitionCallback => undef,
- Timeoutable => 0,
- TimeoutValue => 30,
- TimeoutRemaining => 0,
- CipherKey => "",
- Cipher => undef};
+ LoncapaHim => $Hostname,
+ Port => $Port,
+ State => "Initialized",
+ AuthenticationMode => "",
+ TransactionRequest => "",
+ TransactionReply => "",
+ InformReadable => 0,
+ InformWritable => 0,
+ TimeoutCallback => undef,
+ TransitionCallback => undef,
+ Timeoutable => 0,
+ TimeoutValue => 30,
+ TimeoutRemaining => 0,
+ LocalKeyFile => "",
+ CipherKey => "",
+ LondVersion => "Unknown",
+ Cipher => undef};
bless($self, $class);
unless ($self->{Socket} = IO::Socket::INET->new(PeerHost => $self->{Host},
PeerPort => $self->{Port},
@@ -221,30 +258,71 @@ sub new {
Timeout => 3)) {
return undef; # Inidicates the socket could not be made.
}
+ my $socket = $self->{Socket}; # For local use only.
+ # If we are local, we'll first try local auth mode, otherwise, we'll try the
+ # ssl auth mode:
+
+ Debug(8, "Connecting to $DnsName I am $LocalDns");
+ my $key;
+ my $keyfile;
+ if ($DnsName eq $LocalDns) {
+ $self->{AuthenticationMode} = "local";
+ ($key, $keyfile) = lonlocal::CreateKeyFile();
+ Debug(8, "Local key: $key, stored in $keyfile");
+
+ # If I can't make the key file fall back to insecure if
+ # allowed...else give up right away.
+
+ if(!(defined $key) || !(defined $keyfile)) {
+ if($InsecureOk) {
+ $self->{AuthenticationMode} = "insecure";
+ $self->{TransactionRequest} = "init\n";
+ }
+ else {
+ $socket->close;
+ return undef;
+ }
+ }
+ $self->{TransactionRequest} = "init:local:$keyfile\n";
+ Debug(9, "Init string is init:local:$keyfile");
+ if(!$self->CreateCipher($key)) { # Nothing's going our way...
+ $socket->close;
+ return undef;
+ }
+
+ }
+ else {
+ $self->{AuthenticationMode} = "ssl";
+ $self->{TransactionRequest} = "init:ssl\n";
+ }
+
#
# We're connected. Set the state, and the events we'll accept:
#
$self->Transition("Connected");
$self->{InformWritable} = 1; # When socket is writable we send init
$self->{Timeoutable} = 1; # Timeout allowed during startup negotiation.
- $self->{TransactionRequest} = "init\n";
+
#
# Set socket to nonblocking I/O.
#
my $socket = $self->{Socket};
- my $flags = fcntl($socket->fileno, F_GETFL,0);
- if($flags == -1) {
+ my $flags = fcntl($socket, F_GETFL,0);
+ if(!$flags) {
$socket->close;
return undef;
}
- if(fcntl($socket, F_SETFL, $flags | O_NONBLOCK) == -1) {
+ if(!fcntl($socket, F_SETFL, $flags | O_NONBLOCK)) {
$socket->close;
return undef;
}
# return the object :
+ Debug(9, "Initial object state: ");
+ $self->Dump(9);
+
return $self;
}
@@ -278,7 +356,17 @@ sub Readable {
my $self = shift;
my $socket = $self->{Socket};
my $data = '';
- my $rv = $socket->recv($data, POSIX::BUFSIZ, 0);
+ my $rv;
+ my $ConnectionMode = $self->{AuthenticationMode};
+
+ if ($socket) {
+ eval {
+ $rv = $socket->recv($data, POSIX::BUFSIZ, 0);
+ }
+ } else {
+ $self->Transition("Disconnected");
+ return -1;
+ }
my $errno = $! + 0; # Force numeric context.
unless (defined($rv) && length $data) {# Read failed,
@@ -299,53 +387,143 @@ sub Readable {
&Debug(9,"Received from host: ".$data);
$self->{TransactionReply} .= $data;
- if($self->{TransactionReply} =~ /(.*\n)/) {
+ if($self->{TransactionReply} =~ m/\n$/) {
&Debug(8,"Readable End of line detected");
+
+
if ($self->{State} eq "Initialized") { # We received the challenge:
- if($self->{TransactionReply} eq "refused\n") { # Remote doesn't have
-
- $self->Transition("Disconnected"); # in host tables.
+ # Our init was replied to. What happens next depends both on
+ # the actual init we sent (AuthenticationMode member data)
+ # and the response:
+ # AuthenticationMode == local:
+ # Response ok: The key has been exchanged and
+ # the key file destroyed. We can jump
+ # into setting the host and requesting the
+ # Later we'll also bypass key exchange.
+ # Response digits:
+ # Old style lond. Delete the keyfile.
+ # If allowed fall back to insecure mode.
+ # else close connection and fail.
+ # Response other:
+ # Failed local auth
+ # Close connection and fail.
+ #
+ # AuthenticationMode == ssl:
+ # Response ok:ssl
+ # Response digits:
+ # Response other:
+ # Authentication mode == insecure
+ # Response digits
+ # Response other:
+
+ my $Response = $self->{TransactionReply};
+ if($ConnectionMode eq "local") {
+ if($Response =~ /^ok:local/) { # Good local auth.
+ $self->ToVersionRequest();
+ return 0;
+ }
+ elsif ($Response =~/^[0-9]+/) { # Old style lond.
+ return $self->CompleteInsecure();
+
+ }
+ else { # Complete flop
+ &Debug(3, "init:local : unrecognized reply");
+ $self->Transition("Disconnected");
+ $socket->close;
+ return -1;
+ }
+ }
+ elsif ($ConnectionMode eq "ssl") {
+ if($Response =~ /^ok:ssl/) { # Good ssl...
+ if($self->ExchangeKeysViaSSL()) { # Success skip to vsn stuff
+ # Need to reset to non blocking:
+
+ my $flags = fcntl($socket, F_GETFL, 0);
+ fcntl($socket, F_SETFL, $flags | O_NONBLOCK);
+ $self->ToVersionRequest();
+ return 0;
+ }
+ else { # Failed in ssl exchange.
+ &Debug(3,"init:ssl failed key negotiation!");
+ $self->Transition("Disconnected");
+ $socket->close;
+ return -1;
+ }
+ }
+ elsif ($Response =~ /^[0-9]+/) { # Old style lond.
+ return $self->CompleteInsecure();
+ }
+ else { # Complete flop
+ }
+ }
+ elsif ($ConnectionMode eq "insecure") {
+ if($self->{TransactionReply} eq "refused\n") { # Remote doesn't have
+
+ $self->Transition("Disconnected"); # in host tables.
+ $socket->close();
+ return -1;
+
+ }
+ return $self->CompleteInsecure();
+ }
+ else {
+ &Debug(1,"Authentication mode incorrect");
+ die "BUG!!! LondConnection::Readable invalid authmode";
+ }
+
+
+ } elsif ($self->{State} eq "ChallengeReplied") {
+ if($self->{TransactionReply} ne "ok\n") {
+ $self->Transition("Disconnected");
$socket->close();
return -1;
}
+ $self->ToVersionRequest();
+ return 0;
- &Debug(8," Transition out of Initialized");
- $self->{TransactionRequest} = $self->{TransactionReply};
- $self->{InformWritable} = 1;
- $self->{InformReadable} = 0;
- $self->Transition("ChallengeReceived");
- $self->{TimeoutRemaining} = $self->{TimeoutValue};
+ } elsif ($self->{State} eq "ReadingVersionString") {
+ $self->{LondVersion} = chomp($self->{TransactionReply});
+ $self->Transition("SetHost");
+ $self->{InformReadable} = 0;
+ $self->{InformWritable} = 1;
+ my $peer = $self->{LoncapaHim};
+ $self->{TransactionRequest}= "sethost:$peer\n";
return 0;
- } elsif ($self->{State} eq "ChallengeReplied") { # should be ok.
- if($self->{TransactionReply} != "ok\n") {
+ } elsif ($self->{State} eq "HostSet") { # should be ok.
+ if($self->{TransactionReply} ne "ok\n") {
$self->Transition("Disconnected");
$socket->close();
return -1;
}
- $self->Transition("RequestingKey");
- $self->{InformReadable} = 0;
- $self->{InformWritable} = 1;
- $self->{TransactionRequest} = "ekey\n";
- return 0;
+ # If the auth mode is insecure we must still
+ # exchange session keys. Otherwise,
+ # we can just transition to idle.
+
+ if($ConnectionMode eq "insecure") {
+ $self->Transition("RequestingKey");
+ $self->{InformReadable} = 0;
+ $self->{InformWritable} = 1;
+ $self->{TransactionRequest} = "ekey\n";
+ return 0;
+ }
+ else {
+ $self->ToIdle();
+ return 0;
+ }
} elsif ($self->{State} eq "ReceivingKey") {
my $buildkey = $self->{TransactionReply};
my $key = $self->{LoncapaHim}.$perlvar{'lonHostID'};
$key=~tr/a-z/A-Z/;
$key=~tr/G-P/0-9/;
$key=~tr/Q-Z/0-9/;
- $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
- $key=substr($key,0,32);
- my $cipherkey=pack("H32",$key);
- $self->{Cipher} = new IDEA $cipherkey;
- if($self->{Cipher} eq undef) {
+ $key =$key.$buildkey.$key.$buildkey.$key.$buildkey;
+ $key = substr($key,0,32);
+ if(!$self->CreateCipher($key)) {
$self->Transition("Disconnected");
$socket->close();
return -1;
} else {
- $self->Transition("Idle");
- $self->{InformWritable} = 0;
- $self->{InformReadable} = 0;
- $self->{Timeoutable} = 0;
+ $self->ToIdle();
return 0;
}
} elsif ($self->{State} eq "ReceivingReply") {
@@ -360,10 +538,7 @@ sub Readable {
# finish the transaction
- $self->{InformWritable} = 0;
- $self->{InformReadable} = 0;
- $self->{Timeoutable} = 0;
- $self->Transition("Idle");
+ $self->ToIdle();
return 0;
} elsif ($self->{State} eq "Disconnected") { # No connection.
return -1;
@@ -393,7 +568,18 @@ Returns 0 if successful, or -1 if not.
sub Writable {
my $self = shift; # Get reference to the object.
my $socket = $self->{Socket};
- my $nwritten = $socket->send($self->{TransactionRequest}, 0);
+ my $nwritten;
+ if ($socket) {
+ eval {
+ $nwritten = $socket->send($self->{TransactionRequest}, 0);
+ }
+ } else {
+ # For whatever reason, there's no longer a socket left.
+
+
+ $self->Transition("Disconnected");
+ return -1;
+ }
my $errno = $! + 0;
unless (defined $nwritten) {
if($errno != POSIX::EINTR) {
@@ -408,35 +594,39 @@ sub Writable {
($errno == POSIX::EINTR) ||
($errno == 0)) {
substr($self->{TransactionRequest}, 0, $nwritten) = ""; # rmv written part
- if(length $self->{TransactionRequest} == 0) {
- $self->{InformWritable} = 0;
- $self->{InformReadable} = 1;
- $self->{TransactionReply} = '';
- #
- # Figure out the next state:
- #
- if($self->{State} eq "Connected") {
- $self->Transition("Initialized");
- } elsif($self->{State} eq "ChallengeReceived") {
- $self->Transition("ChallengeReplied");
- } elsif($self->{State} eq "RequestingKey") {
- $self->Transition("ReceivingKey");
- $self->{InformWritable} = 0;
- $self->{InformReadable} = 1;
- $self->{TransactionReply} = '';
- } elsif ($self->{State} eq "SendingRequest") {
- $self->Transition("ReceivingReply");
- $self->{TimeoutRemaining} = $self->{TimeoutValue};
- } elsif ($self->{State} eq "Disconnected") {
- return -1;
- }
- return 0;
- }
- } else { # The write failed (e.g. partner disconnected).
- $self->Transition("Disconnected");
- $socket->close();
- return -1;
- }
+ if(length $self->{TransactionRequest} == 0) {
+ $self->{InformWritable} = 0;
+ $self->{InformReadable} = 1;
+ $self->{TransactionReply} = '';
+ #
+ # Figure out the next state:
+ #
+ if($self->{State} eq "Connected") {
+ $self->Transition("Initialized");
+ } elsif($self->{State} eq "ChallengeReceived") {
+ $self->Transition("ChallengeReplied");
+ } elsif($self->{State} eq "RequestingVersion") {
+ $self->Transition("ReadingVersionString");
+ } elsif ($self->{State} eq "SetHost") {
+ $self->Transition("HostSet");
+ } elsif($self->{State} eq "RequestingKey") {
+ $self->Transition("ReceivingKey");
+# $self->{InformWritable} = 0;
+# $self->{InformReadable} = 1;
+# $self->{TransactionReply} = '';
+ } elsif ($self->{State} eq "SendingRequest") {
+ $self->Transition("ReceivingReply");
+ $self->{TimeoutRemaining} = $self->{TimeoutValue};
+ } elsif ($self->{State} eq "Disconnected") {
+ return -1;
+ }
+ return 0;
+ }
+ } else { # The write failed (e.g. partner disconnected).
+ $self->Transition("Disconnected");
+ $socket->close();
+ return -1;
+ }
}
=pod
@@ -492,8 +682,8 @@ timout, and to request writability notif
=cut
sub InitiateTransaction {
- my $self = shift;
- my $data = shift;
+
+ my ($self, $data) = @_;
Debug(1, "initiating transaction: ".$data);
if($self->{State} ne "Idle") {
@@ -544,8 +734,9 @@ established callback or undef if there w
=cut
sub SetTimeoutCallback {
- my $self = shift;
- my $callback = shift;
+
+ my ($self, $callback) = @_;
+
my $oldCallback = $self->{TimeoutCallback};
$self->{TimeoutCallback} = $callback;
return $oldCallback;
@@ -673,8 +864,8 @@ The output string can be directly sent t
=cut
sub Encrypt {
- my $self = shift; # Reference to the object.
- my $request = shift; # Text to send.
+
+ my ($self, $request) = @_;
# Split the encrypt: off the request and figure out it's length.
@@ -716,8 +907,8 @@ Decrypt a response from the server. The
=cut
sub Decrypt {
- my $self = shift; # Recover reference to object
- my $encrypted = shift; # This is the encrypted data.
+
+ my ($self, $encrypted) = @_;
# Bust up the response into length, and encryptedstring:
@@ -744,6 +935,156 @@ sub Decrypt {
return $decrypted;
}
+# ToIdle
+# Called to transition to idle... done enough it's worth subbing
+# off to ensure it's always done right!!
+#
+sub ToIdle {
+ my $self = shift;
+
+ $self->Transition("Idle");
+ $self->{InformWritiable} = 0;
+ $self->{InformReadable} = 0;
+ $self->{Timeoutable} = 0;
+}
+
+# ToVersionRequest
+# Called to transition to "RequestVersion" also done a few times
+# so worth subbing out.
+#
+sub ToVersionRequest {
+ my $self = shift;
+
+ $self->Transition("RequestingVersion");
+ $self->{InformReadable} = 0;
+ $self->{InformWritable} = 1;
+ $self->{TransactionRequest} = "version\n";
+
+}
+#
+# CreateCipher
+# Given a cipher key stores the key in the object context,
+# creates the cipher object, (stores that in object context),
+# This is done a couple of places, so it's worth factoring it out.
+#
+# Parameters:
+# (self)
+# key - The Cipher key.
+#
+# Returns:
+# 0 - Failure to create IDEA cipher.
+# 1 - Success.
+#
+sub CreateCipher {
+ my ($self, $key) = @_; # According to coding std.
+
+ $self->{CipherKey} = $key; # Save the text key...
+ my $packedkey = pack ("H32", $key);
+ my $cipher = new IDEA $packedkey;
+ if($cipher) {
+ $self->{Cipher} = $cipher;
+ Debug("Cipher created dumping socket: ");
+ $self->Dump(9);
+ return 1;
+ }
+ else {
+ return 0;
+ }
+}
+# ExchangeKeysViaSSL
+# Called to do cipher key exchange via SSL.
+# The socket is promoted to an SSL socket. If that's successful,
+# we read out cipher key through the socket and create an IDEA
+# cipher object.
+# Parameters:
+# (self)
+# Returns:
+# true - Success.
+# false - Failure.
+#
+# Assumptions:
+# 1. The ssl session setup has timeout logic built in so we don't
+# have to worry about DOS attacks at that stage.
+# 2. If the ssl session gets set up we are talking to a legitimate
+# lond so again we don't have to worry about DOS attacks.
+# All this allows us just to call
+sub ExchangeKeysViaSSL {
+ my $self = shift;
+ my $socket = $self->{Socket};
+
+ # Get our signed certificate, the certificate authority's
+ # certificate and our private key file. All of these
+ # are needed to create the ssl connection.
+
+ my ($SSLCACertificate,
+ $SSLCertificate) = lonssl::CertificateFile();
+ my $SSLKey = lonssl::KeyFile();
+
+ # Promote our connection to ssl and read the key from lond.
+
+ my $SSLSocket = lonssl::PromoteClientSocket($socket,
+ $SSLCACertificate,
+ $SSLCertificate,
+ $SSLKey);
+ if(defined $SSLSocket) {
+ my $key = <$SSLSocket>;
+ lonssl::Close($SSLSocket);
+ if($key) {
+ chomp($key); # \n is not part of the key.
+ return $self->CreateCipher($key);
+ }
+ else {
+ Debug(3, "Failed to read ssl key");
+ return 0;
+ }
+ }
+ else {
+ # Failed!!
+ Debug(3, "Failed to negotiate SSL connection!");
+ return 0;
+ }
+ # should not get here
+ return 0;
+
+}
+
+
+
+#
+# CompleteInsecure:
+# This function is called to initiate the completion of
+# insecure challenge response negotiation.
+# To do this, we copy the challenge string to the transaction
+# request, flip to writability and state transition to
+# ChallengeReceived..
+# All this is only possible if InsecureOk is true.
+# Parameters:
+# (self) - This object's context hash.
+# Return:
+# 0 - Ok to transition.
+# -1 - Not ok to transition (InsecureOk not ok).
+#
+sub CompleteInsecure {
+ my $self = shift;
+ if($InsecureOk) {
+ $self->{AuthenticationMode} = "insecure";
+ &Debug(8," Transition out of Initialized:insecure");
+ $self->{TransactionRequest} = $self->{TransactionReply};
+ $self->{InformWritable} = 1;
+ $self->{InformReadable} = 0;
+ $self->Transition("ChallengeReceived");
+ $self->{TimeoutRemaining} = $self->{TimeoutValue};
+ return 0;
+
+
+ }
+ else {
+ &Debug(3, "Insecure key negotiation disabled!");
+ my $socket = $self->{Socket};
+ $socket->close;
+ return -1;
+ }
+}
=pod
@@ -793,7 +1134,7 @@ sub read_conf
foreach my $filename (@conf_files,'loncapa_apache.conf')
{
if($DebugLevel > 3) {
- print("Going to read $confdir.$filename\n");
+ print STDERR ("Going to read $confdir.$filename\n");
}
open(CONFIG,'<'.$confdir.$filename) or
die("Can't read $confdir$filename");
@@ -809,9 +1150,9 @@ sub read_conf
close(CONFIG);
}
if($DebugLevel > 3) {
- print "Dumping perlvar:\n";
+ print STDERR "Dumping perlvar:\n";
foreach my $var (keys %perlvar) {
- print "$var = $perlvar{$var}\n";
+ print STDERR "$var = $perlvar{$var}\n";
}
}
my $perlvarref=\%perlvar;
@@ -856,7 +1197,17 @@ sub read_hosts {
my $hostref = \%HostsTab;
return ($hostref);
}
-
+#
+# Get the version of our peer. Note that this is only well
+# defined if the state machine has hit the idle state at least
+# once (well actually if it has transitioned out of
+# ReadingVersionString The member data LondVersion is returned.
+#
+sub PeerVersion {
+ my $self = shift;
+
+ return $self->{LondVersion};
+}
1;
@@ -931,6 +1282,17 @@ Socket open on the connection.
The current state.
+=item AuthenticationMode
+
+How authentication is being done. This can be any of:
+
+ o local - Authenticate via a key exchanged in a file.
+ o ssl - Authenticate via a key exchaned through a temporary ssl tunnel.
+ o insecure - Exchange keys in an insecure manner.
+
+insecure is only allowed if the configuration parameter loncAllowInsecure
+is nonzero.
+
=item TransactionRequest
The request being transmitted.
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.