[OpenAFS] What does "data integrity" do?

Simon Wilkinson simonxwilkinson@gmail.com
Fri, 30 Mar 2012 12:08:25 +0100

On 30 Mar 2012, at 11:54, Thomas Smith wrote:

> Can someone explain what this setting does please? Just wondering if
> it's encrypting communications while acquiring tokens ('auth') or
> providing some kind of integrity checks to help avoid or catch data
> corruption ('data integrity') or something else entirely.

rxkad provides three levels of protection for all RPCs. At the lowest
level the user is authenticated, but all data is sent unprotected - an
attacker could hijack your connection, and replace any and all of the
data contained within it. At the middle level, the connection is integrity
protected - an attacker can read all of the data you are sending and
receiving, but any attempts to alter that data will be detected and
rejected. At the highest level, the connection is encrypted - all of the
data is protected so that an attacker cannot read or modify it.

I'm not entirely sure how the descriptions used by Windows map onto
these three protection levels.
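
The three levels described in the message above, modelled as an added example that is not part of the original post and is not rxkad or OpenAFS code. It does not use rxkad's wire format or ciphers: HMAC-SHA256 and a SHA-256 counter keystream are stand-ins, and the level names and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

AUTH_ONLY, INTEGRITY, ENCRYPTED = 0, 1, 2  # labels for this sketch only
TAG_LEN, NONCE_LEN = 32, 16

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (not rxkad's): SHA-256 counter keystream XORed with data.
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(level, key, payload):
    if level == AUTH_ONLY:
        return payload  # user was authenticated, data goes out unprotected
    body = payload
    if level == ENCRYPTED:
        nonce = os.urandom(NONCE_LEN)
        body = nonce + _xor_stream(_subkey(key, b"enc"), nonce, payload)
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()

def receive(level, key, packet):
    if level == AUTH_ONLY:
        return packet  # nothing to verify, altered data is accepted
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("packet altered in transit")
    if level == ENCRYPTED:
        return _xor_stream(_subkey(key, b"enc"), body[:NONCE_LEN], body[NONCE_LEN:])
    return body

def observe(level, payload=b"constructed sample: file contents"):
    """Return (readable_on_wire, alteration_detected) for one packet."""
    key = os.urandom(32)
    packet = protect(level, key, payload)
    altered = bytearray(packet)
    altered[len(altered) // 2] ^= 0x01  # one bit changed in transit
    try:
        receive(level, key, bytes(altered))
        return payload in packet, False
    except ValueError:
        return payload in packet, True
```

Calling `observe()` for each level returns whether the payload was visible on the wire and whether a one-bit change was rejected by the receiver.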