Though the protection offered by rxkad, even with rxkad-k5 and rxkad-kdf, is
insufficient to protect traffic from a determined attacker, it remains the
case that the internet is not a safe place for user data to travel in the
clear, and has not been for a long time. The Windows client encrypts by
default, and all or nearly all the Unix client packaging scripts set crypt
mode by default. Catch up to reality and default to crypt mode in the
Unix cache manager.
Change-Id: If0061ddca3bedf0df1ade8cb61ccb710ec1181d4
Reviewed-on: https://gerrit.openafs.org/12668
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
All Client Platforms
+ * Use rxkad_crypt by default for connections to fileservers. This matches
+ the existing behavior of the Windows client and has been applied by
+ the distribution packaging on many platforms already.
+
* Add support for relative ACL changes with fs setacl. If a single plus (+)
or minus (-) character is appended to the rights' letters argument, the
new rights are computed relatively to the existing ones.
/* Exported variables */
afs_rwlock_t afs_xconn; /* allocation lock for new things */
afs_rwlock_t afs_xinterface; /* for multiple client address */
-afs_int32 cryptall = 0; /* encrypt all communications */
+afs_int32 cryptall = 1; /* encrypt all communications */
/* some connection macros */