<file:///afs/transarc.com/public/afs-contrib/pointers/UMich-lat-authenticated-batch-jobs> <ftp://ftp.transarc.com/pub/afs-contrib/pointers/UMich-lat-authenticated-batch-jobs>
+Another collection of tools was [mentioned](https://lists.openafs.org/pipermail/openafs-info/2002-October/006353.html) by [[DanielClark]]:
+
+Another option is [OpenPBS](http://www.openpbs.org/) and [Password Storage and Retrieval](http://www.lam-mpi.org/software/psr/) (PSR), where you encrypt your AFS password with a public key and put it in your home directory, and trusted machine(s) which have the private key on local disk then decrypt your password and run your job. MIT uses a variant of this (e.g. [a](http://web.mit.edu/longjobs/www/) & [b](http://mit.edu/longjobs-dev/notebook/)) that uses their own code (see [longjobs documentation](http://web.mit.edu/longjobs-dev/doc/netsec.txt) sections III and IV) instead of PSR.
+
### <a name="3.09 Can I check my user's pass"></a> 3.09 Can I check my user's passwords for security purposes?
Yes. Alec Muffett's Crack tool (at version 4.1f) has been converted to work on the Transarc kaserver database. This modified Crack (AFS Crack) is available via anonymous ftp from:
### <a name="3.28 Is the data sent over the n"></a> 3.28 Is the data sent over the network encrypted in AFS ?
+There is still no easy way to do this in Transarc AFS, but [[OpenAFS]] now has a "fs" subcommand to turn on encryption of regular file data sent and received by a client. This is a per client setting that persist until reboot. No server actions are needed to support this change. The syntax is:
+
+- `fs setcrypt on`
+- `fs setcrypt off`
+- `fs getcrypt`
+
+Note that this only encrypts network traffic between the client and server. The data on the server's disk is not encrypted nor is the data in the client's disk cache. The encryption algorithm used is [fcrypt](http://tedanderson.home.mindspring.com/fcrypt-paper.txt), which is a DES variant.
+
+Getting encryption enabled by default:
+
+- [[RedHat]] Linux: ([src](https://lists.openafs.org/pipermail/openafs-info/2002-July/005085.html)) change the last line of /etc/sysconfig/afs to `AFS_POST_INIT="/usr/bin/fs setcrypt on"`
+- Windows ([src](https://lists.openafs.org/pipermail/openafs-info/2003-June/009416.html)) set the following registry value named `SecurityLevel` under `HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters` to 2.
+
+I have not tested either of these procedures. -- [[TedAnderson]] - 05 Jun 2003
+
### <a name="3.29 What underlying filesystems"></a> 3.29 What underlying filesystems can I use for AFS ?
+See also [[SupportedConfigurations]].
+
You need to distinguish between the filesystem used by the file server to store the actual AFS data (by convention in /vicep?) and the filesystem used by the client cache manager to cache files.
With the new namei file server you can basically use any filesystem you want. Tne namei file server does not do any fancy stuff behind the scenes but only accesses normal files (their names are a bit strange though).
- reiserfs
- vxfs (HP-UX)
+- advfs (Tru64), it works but gives cachecurruption
+
+- Patch committed to cvs around 6/2003 will now enforce this in some cases and generate a warning to the user if the filesystem type is wrong.
The following file systems have been reported to work for the AFS client cache:
git://git.openafs.org / openafs-wiki.git / blobdiff