[OpenAFS] Re: OpenAFS-info digest, Vol 1 #1230 - 16 msgs

Meghadri Ghosh meghadri@stanford.edu
Thu, 5 Jun 2003 04:25:12 -0700


----- Original Message -----
>
> Message: 10
> Date: Wed, 4 Jun 2003 23:26:54 -0500 (CDT)
> From: Charles Clancy <security@xauth.net>
> To: Harald Pobloth <Harald.Pobloth@s3.kth.se>
> Cc: openafs-info@openafs.org
> Subject: Re: [OpenAFS] fs setcrypt?
>
> On Wed, 4 Jun 2003, Harald Pobloth wrote:
>
> > after all the talking about encryption ... How do I permanently activate
> > encryption using windowsXP and OpenAFS 1.2.8a client
> > Simply typing "fs setcrypt on" only sets encryption until AFS restarts
> > then it is turned off again.
>
> There's no built-in way to do it automatically.  I can think of several
> Windows hacks to get it done, but none of them very good.  The problem is
> that only administrators can run it.  You might try creating a windows
> service (with a dependency on the AFS service) that automatically runs it.
>
> > Do the AFS servers need special
> > configuration for encryption to work?
>
> Nope.
>
> [ t. charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
>
> --__--__--

To use the encryption mechanism built into AFS, for a Windows client, set the registry value named
SecurityLevel under HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters to 2. This is what we are doing
currently at Stanford with an MSI-based distribution that provides the bare minimum of the OpenAFS binaries needed to
get the client working on W2K and later versions. My testing has consisted of running a sniffer on the machine with
this setting either as specified or not present, and it seems to work.

--
megh
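
The registry setting described in the message above, applied and checked from PowerShell. This is an added example, not part of the original post or of the Stanford MSI; the key path, value name and value 2 come from the message, while the DWORD value type, the service restart and the final `fs getcrypt` check are assumptions.

```powershell
# Added example: make the AFS client encryption setting persistent.
# Key path, value name and value (2) are taken from the message above.
# Assumptions: the value is a REG_DWORD, and the client rereads it on service start.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters'
$name = 'SecurityLevel'
$want = 2

# Writing under HKLM needs an elevated session.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an administrator session.'
}

# Refuse to create the service key ourselves: if it is missing, the client is not installed.
if (-not (Test-Path $key)) {
    throw "Key not found: $key"
}

# Read the current value; $null means the value is not present.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $want) {
    Write-Output "$name is already $want; nothing changed."
} else {
    $shown = if ($null -eq $current) { '(not present)' } else { $current }
    # -Force overwrites an existing value, so one call covers both cases.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $want -Force | Out-Null
    Write-Output "$name changed from $shown to $want."

    # Restart the client service so the new value is picked up (assumption).
    Restart-Service -Name TransarcAFSDaemon -Force
}

# Report what the running client says, if the fs command is on the PATH.
if (Get-Command fs -ErrorAction SilentlyContinue) {
    fs getcrypt
}
```

The registry value only shows what was configured; a packet capture of client traffic, as in the message above, is what confirms the payload is actually encrypted on the wire.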