[OpenAFS] /afs permissions

Ken Hornstein kenh@cmf.nrl.navy.mil
Fri, 28 Oct 2005 13:47:40 -0400


>It would be a Good Thing if encryption were a per directory thing like 
>an ACL, enforced by the server, so you could make sure your sensitive 
>information was never passed in the clear.  I have no idea how hard it 
>would be to implement an "encrypted directory" flag, but I suspect it 
>would mean breaking things. Would this be a reasonable thing to put on 
>the wish list?

I remember being at an AFS Workshop where someone suggested enforcing
encryption on the server (I think his suggestion was at the volume
level) ... boy, did that poor guy get crucified by the workshop
participants.  Personally, I think it's a good idea ... I'm not sure
whether or not it would be easier to do it from an implementation
standpoint at the volume or directory level, though.

--Ken