[OpenAFS] Encryption
Dan Pritts
danno@internet2.edu
Mon, 23 Aug 2004 10:49:07 -0400
On Fri, Aug 13, 2004 at 08:03:12AM -0500, Michael Robokoff wrote:
> I am looking for information on open-afs and what if any encryption
> it supports. For example:
>
> Can you set open-afs so all data written to the disk is encrypted?
Not to my knowledge but I could just be ignorant.
Note that openafs writes data to disk in two places, on the server
and in the client-side cache.
You could use some sort of os-level encrypted filesystem driver on
the server. Probably on the client too, but the client needs
to have a standard filesystem (ufs on solaris, ext2 on linux, etc).
So i guess it would have to be device-level encryption.
Windows client is implemnted differently but i think it boils down
to the same thing.
> Can you set open-afs so it encrypts data as it is transmitted between
> client and server?
yes. run fs setcrypt on client. this is a per-client setting.
I don't think the encryption used is particularly strong by modern
standards but I don't know the details.
danno
--
dan pritts danno@internet2.edu
systems administrator 734/352-4953 office
internet2 734/834-7224 mobile