[OpenAFS] fs setcrypt forcing

Derrick J Brashear shadow@dementia.org
Tue, 17 Jun 2003 08:04:35 -0400 (EDT)


On Tue, 17 Jun 2003, Ted Anderson wrote:

> Putting this bit in the VLDB would seem straightforward, but then the
> file server would have to contact the VLDB periodically to get this
> information for each volume it serves.  This would add a new
> communication path to the system, I think, as the file server doesn't
> talk to the VLDB at all.  Or has that changed?
>

Has not changed.

> level connections if it doesn't include read access for system:anyuser.
>   The server can easily query the connection for the rxkad state after
> checking the ACL and refuse to leak information through this channel.

I suggested something with a spare ACL bit, which would allow you to
require encryption only to some clients, at the workshop, but had not and
still have not thought through the ramifications of said proposal.