[OpenAFS] Windows Terminal server and afs clients

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 14 Jun 2004 20:26:52 -0400

On Monday, June 14, 2004 19:21:32 -0400 Derek Atkins <warlord@MIT.EDU> 

> Jeffrey Altman <jaltman@columbia.edu> writes:
>>      - setcrypt
> For setcrypt, IMHO a non-root (non-admin) user should be allowed to go
> up, but not down.  E.g., a user should be allowed to turn crypto
> protection on, but not off.  I'm not sure if the Unix client allows
> that...

I disagree.  This is a system-wide setting, and changing it in either 
direction has implications.  A user turning this on would cause the system 
to consume resources which do not belong to him.

It would be nice to have a per-PAG flag indicating whether encrypted 
connections should be used.  But we don't have that today.

-- Jeff