[OpenAFS] Purging the client cache

Russ Allbery rra@stanford.edu
Sat, 09 Jan 2010 13:33:55 -0800

Jeffrey Altman <jaltman@secure-endpoints.com> writes:

> For Windows you will want to do two things:

> 1. install the cache file in an encrypted directory that is restricted
> to the SYSTEM account.

Ah, this is a good idea.  Is this something that we can easily do as part
of the AFS installer?  Do we need a separate product to do the encryption,
or do current versions of Windows support this internally?  (We do have a
whole-disk encryption product that we've been deploying, but my guess is
that the people using this new service and the people using whole-disk
encryption won't be slightly the same.)

> 2. Add "fs flushall" to the VPN disconnect script.

This sounds great.  Thank you!

Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>