Default to crypt mode for unix clients

Though the protection offered by rxkad, even with rxkad-k5 and rxkad-kdf, is insufficient to protect traffic from a determined attacker, it remains the case that the internet is not a safe place for user data to travel in the clear, and has not been for a long time. The Windows client encrypts by default, and all or nearly all the Unix client packaging scripts set crypt mode by default. Catch up to reality and default to crypt mode in the Unix cache manager. Change-Id: If0061ddca3bedf0df1ade8cb61ccb710ec1181d4 Reviewed-on: https://gerrit.openafs.org/12668 Reviewed-by: Benjamin Kaduk <kaduk@mit.edu> Tested-by: BuildBot <buildbot@rampaginggeek.com>
2025-01-18 15:00:12 +00:00 · 2017-07-30 20:57:05 -05:00 · 2017-07-30 20:57:05 -05:00 · 6d59b7c4b4
commit 6d59b7c4b4
parent f7ccf0aa00
2 changed files with 5 additions and 1 deletions
--- a/4
+++ b/4
@ -268,6 +268,10 @@ OpenAFS 1.8.0pre2

  All Client Platforms

+    * Use rxkad_crypt by default for connections to fileservers.  This matches
+      the existing behavior of the Windows client and has been applied by
+      the distribution packaging on many platforms already.
+
    * Add support for relative ACL changes with fs setacl. If a single plus (+)
      or minus (-) character is appended to the rights' letters argument, the
      new rights are computed relatively to the existing ones.
--- a/src/afs/afs_conn.c
+++ b/src/afs/afs_conn.c
@ -44,7 +44,7 @@
 /* Exported variables */
 afs_rwlock_t afs_xconn;		/* allocation lock for new things */
 afs_rwlock_t afs_xinterface;	/* for multiple client address */
-afs_int32 cryptall = 0;		/* encrypt all communications */
+afs_int32 cryptall = 1;		/* encrypt all communications */

 /* some connection macros */