[OpenAFS] What does "data integrity" do?
Jeffrey Altman
jaltman@secure-endpoints.com
Fri, 30 Mar 2012 09:03:00 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig64E13CE52B48147A564ACA61
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 3/30/2012 6:54 AM, Thomas Smith wrote:
> Hi,
>=20
> I'm looking at disabling crypt on all of my Windows clients and noticed=
that there's an extra option for them, versus *nix clients--auth.
>=20
> With auth enabled, 'fs getcrypt' indicates that the security level is "=
data integrity". I wasn't able to find any information about what this me=
ans in the docs at the website nor in the release notes of the client (1.=
7.8).
>=20
> Can someone explain what this setting does please? Just wondering if it=
's encrypting communications while acquiring tokens ('auth') or providing=
some kind of integrity checks to help avoid or catch data corruption ('d=
ata integrity') or something else entirely.
>=20
> Thank you,
>=20
> ~ Tom
The "fs setcrypt" options are "off, auth, on".
off is no protection
auth is data integrity protection
on is data security protection (all traffic encrypted)
--------------enig64E13CE52B48147A564ACA61
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
iQEcBAEBAgAGBQJPda8GAAoJENxm1CNJffh4mi4IAJaRKWj8TqFMqTYdBLpdOmVt
lEO+IkYL1jAYFVDtVCdDv5eXqbq1dGgr0I/oRarE2r603MHwAmmF3mHK6Nn14o6X
xLrTPvZTx77HC4XYOye9TxpI3/c/eTiveQnUQKjuxb5yEQgrpAdxfJIzCXZN7Zd5
3bzwexym7l3oOnXxzemVtlrCwkunGvaWuo8iMtiye33PbTn1CAEA6y4+mo/bkaNH
cUoxS8VwwJKm7aRu3cSyM4/K1N3jOLPT1NEGbcM15LfqkNoRgQTWtCSJDC8LNUdM
l7SeT0U5DsrALnzhIvKjWgkgW+MhDWnUC7dGC6Ejd9OgCfT6y2dzokzRO/J6UH4=
=NlXI
-----END PGP SIGNATURE-----
--------------enig64E13CE52B48147A564ACA61--