[OpenAFS-port-darwin] How to set encryption by default on OS X

Georg Sluyterman georg@sman.dk
Tue, 06 Mar 2012 22:45:46 +0100


Derrick Brashear wrote, On 2012-03-06 22:21:
> On Tue, Mar 6, 2012 at 4:11 PM, Arthur Prokosch <arthurp@csail.mit.edu> wrote:
>> On Tue, Feb 14, 2012 at 11:12:16AM -0500, Derrick Brashear wrote:
>>> edit /var/db/openafs/etc/config/afs.conf and set an AFS_POST_INIT
>>> scriptlet to do it, e.g.
>>> AFS_POST_INIT=postcmd
>>>
>>> postcmd() {
>>>     fs setcrypt on
>>
>> Why is this much not a part of _every_ Mac OS install?  Since crypt ON
>> has been the default on other platforms (at least: debian packages,
>> ubuntu packages, Windows installers), it's rather jarring to learn
>> that crypt defaults to OFF on mac os.
>>
>> Are there obstacles to making this work, other than adding a few lines
>> to the default afs.conf in the installer package?
> 
> performance impact not everyone wants to incur.
> 
<---cut--->

Security should be opt out not opt in. With the power that is a modern
computer has these days i believe the majority are satisfied with crypt on.

I for one at least would appreciate it if the defaults were changed to
crypt on.

-- 
Venlig hilsen
Georg Sluyterman