[OpenAFS] Speed difference between OpenAFS 1.4.x on Debian and CentOS

Christopher D. Clausen cclausen@acm.org
Tue, 8 Apr 2008 09:56:25 -0500


Wesley Chow <wchow@athenacr.com> wrote:
>> Does turning crypt off mean data in transit can be read *and*
>> tampered with? Or read, but still safe from tampering?
>
> Also, does this imply that a server participating in the public
> directory is trusting that all clients are using encryption to connect
> to it? Is there a way for a server to force encryption on any clients
> accessing its volumes?

Encryption in OpenAFS is a per-client command and only operates when one 
is using tickets.  IP based ACLs and system:anyuser "anonymous" access 
cannot be encrypted.

There is not currently a way to enforce encryption from the server-side.

<<CDC