From 6d59b7c4b4b712160a6d60491c95c111bb831fbb Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk
Date: Sun, 30 Jul 2017 20:57:05 -0500
Subject: [PATCH] Default to crypt mode for unix clients
Though the protection offered by rxkad, even with rxkad-k5 and rxkad-kdf, is insufficient to protect traffic from a determined attacker, it remains the case that the internet is not a safe place for user data to travel in the clear, and has not been for a long time. The Windows client encrypts by default, and all or nearly all the Unix client packaging scripts set crypt mode by default. Catch up to reality and default to crypt mode in the Unix cache manager.
Change-Id: If0061ddca3bedf0df1ade8cb61ccb710ec1181d4
Reviewed-on: https://gerrit.openafs.org/12668
Reviewed-by: Benjamin Kaduk
Tested-by: BuildBot
---
NEWS | 4 ++++
src/afs/afs_conn.c | 2 +-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index a9b6ca4..55cd568 100644
--- a/NEWS
+++ b/NEWS
@@ -268,6 +268,10 @@ OpenAFS 1.8.0pre2 All Client Platforms
+ * Use rxkad_crypt by default for connections to fileservers. This matches
+ the existing behavior of the Windows client and has been applied by
+ the distribution packaging on many platforms already.
+
 * Add support for relative ACL changes with fs setacl. If a single plus (+) or minus (-) character is appended to the rights' letters argument, the new rights are computed relatively to the existing ones.
diff --git a/src/afs/afs_conn.c b/src/afs/afs_conn.c
index 56515c8..92e560c 100644
--- a/src/afs/afs_conn.c
+++ b/src/afs/afs_conn.c
@@ -44,7 +44,7 @@ /* Exported variables */ afs_rwlock_t afs_xconn; /* allocation lock for new things */ afs_rwlock_t afs_xinterface; /* for multiple client address */
-afs_int32 cryptall = 0; /* encrypt all communications */
+afs_int32 cryptall = 1; /* encrypt all communications */
 /* some connection macros */
--
1.9.4
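Review bot: The comment kept on the changed line in src/afs/afs_conn.c, "encrypt all communications", overstates what the new default of 1 guarantees and should be tightened now that this is the shipped behaviour. The NEWS entry in the same commit scopes the change to rxkad_crypt on connections to fileservers, and connections made without a token presumably have no key to encrypt with, so they would still travel in the clear; the code that reads `cryptall` is outside this hunk, so confirm that before wording it. I would change the line to something like `afs_int32 cryptall = 1;	/* default on: request rxkad_crypt for authenticated fileserver connections; runtime-adjustable via fs setcrypt */`. Since the commit message itself says rxkad does not stop a determined attacker, the comment should not suggest that this flag alone makes the traffic confidential.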