[OpenAFS] encrypted volumes

Mattias Pantzare pantzer@ludd.ltu.se
Fri, 6 Feb 2009 23:25:16 +0100


On Fri, Feb 6, 2009 at 22:21, Dirk Heinrichs <dirk.heinrichs@online.de> wrote:
> On Friday, 6 February 2009 21:45:02, Christof Hanke wrote:
>
>> Sorry, but I think you see this from the wrong angle.
>> The point I think here is to protect sensitive data even against admins,
>> the guys who can read /vicep* anyway...
>
> What prevents an admin from logging in on the client machine to read the data
> while the volume is mounted?

To do that the admin has to have a valid user on the client machine.
The client and the server do not have to be administered by the same
people. The user's realm and the server's Kerberos realm might not even
be the same realm.