[OpenAFS] fs setcrypt forcing
Garance A Drosihn
drosih@rpi.edu
Thu, 19 Jun 2003 16:34:58 -0400
At 8:39 PM -0500 6/13/03, Nathan Neulinger wrote:
>You can't encrypt unless the connection is authenticated.
>You would be blocking all non-authenticated
>system:anyuser access.
>
>That may or may not be a good idea, but should be kept
>in mind.
Would it make sense if 'fs setcrypt' would automatically fall
back to use non-encrypted connections to any volumes accessible
by system:anyuser (and *only* those volumes) if the connection
is not currently authenticated?
This seems "reasonable" to me, since all of those files are
world-readable anyway. Of course, I'm sure I could think of
arguments against the idea, if I actually wanted to... :-)
maybe have a third option, 'fs setcrypt allprivate'
(a lousy name, but my mind is drawing a blank right now)
--
Garance Alistair Drosehn = gad@gilead.netel.rpi.edu
Senior Systems Programmer or gad@freebsd.org
Rensselaer Polytechnic Institute or drosih@rpi.edu