[OpenAFS-port-darwin] How to set encryption by default on OS X

Derrick Brashear shadow@gmail.com
Tue, 6 Mar 2012 16:21:23 -0500


On Tue, Mar 6, 2012 at 4:11 PM, Arthur Prokosch <arthurp@csail.mit.edu> wro=
te:
> On Tue, Feb 14, 2012 at 11:12:16AM -0500, Derrick Brashear wrote:
>> edit /var/db/openafs/etc/config/afs.conf and set an AFS_POST_INIT
>> scriptlet to do it, e.g.
>> AFS_POST_INIT=3Dpostcmd
>>
>> postcmd() {
>> =A0 =A0 fs setcrypt on
>
> Why is this much not a part of _every_ Mac OS install? =A0Since crypt ON
> has been the default on other platforms (at least: debian packages,
> ubuntu packages, Windows installers), it's rather jarring to learn
> that crypt defaults to OFF on mac os.
>
> Are there obstacles to making this work, other than adding a few lines
> to the default afs.conf in the installer package?

performance impact not everyone wants to incur.

> If the answer is "only someone's time to submit a patch" -- will
> http://wiki.openafs.org/AFSLore/GitDevelopers/
> steer me in the right direction?

well, i'm not sure it is, but effectively, if that doesn't, simon's
"from tiny acorns" talks at the 2009 bpw will.

>> =A0 =A0 fs mariner localhost
>> =A0 =A0 /Library/OpenAFS/Tools/tools/growlagent-openafs &
>> }
>
> growlagent-openafs isn't present in that path on 1.4.14. =A0Is
> it new as of 1.6?

yes

>(I've been waiting for 1.6.1 before upgrading mac os
> clients from 1.4.x; don't seem to have a 1.4.14.1 handy.)



--=20
Derrick