[OpenAFS] encrypted volumes

Christof Hanke christof.hanke@induhviduals.de
Sat, 7 Feb 2009 00:31:52 +0200

Am Samstag, 7. Februar 2009 00:25:16 schrieb Mattias Pantzare:
> On Fri, Feb 6, 2009 at 22:21, Dirk Heinrichs <dirk.heinrichs@online.de> 
> > Am Freitag, 6. Februar 2009 21:45:02 schrieb Christof Hanke:
> >> Sorry, but I think you see this from the wrong angle.
> >> The point I think here is to protect sensitive data even against admins,
> >> the guys who can read /vicep* anyway...
> >
> > What prevents an admin from loggin in on the client machine to read the
> > data while the volume is mounted?
> To do that the admin has to have a valid user on the client machine.
> The client and the server do not have to be administered by the same
> people. The users real and the servers kerberos realm might not even
> be the same realm.

It is worse than that. The admin must break into the PAG of the user having 
activated decryption.