+Registry keys and Environment Variables used in the Windows AFS Client
+as of release 1.5.0000
+======================================================================
-Registry keys used in the Windows AFS Client
---------------------------------------------
-
-This file describes the registry keys used in the Windows AFS clients.
+REGISTRY KEYS:
1. Service parameters
---------------------
name will be 'AFS'.
Value : CacheSize
-Type : QWORD
-Default : 20480 (CM_CONFIGDEFAULT_CACHESIZE)
+Type : DWORD
+Default : 98304 (CM_CONFIGDEFAULT_CACHESIZE)
Variable: cm_initParams.cacheSize
- Size of the AFS cache.
+ Size of the AFS cache in 1k blocks.
Value : ChunkSize
Type : DWORD
-Default : 15 (CM_CONFIGDEFAULT_CHUNKSIZE)
+Default : 17 (CM_CONFIGDEFAULT_CHUNKSIZE)
Variable: cm_logChunkSize (cm_chunkSize = 1 << cm_logChunkSize)
Size of chunk for reading and writing. Actual chunk size is 2^cm_logChunkSize.
Value : ServerThreads
Type : DWORD
-Default : 4 (CM_CONFIGDEFAULT_SVTHREADS)
+Default : 25 (CM_CONFIGDEFAULT_SVTHREADS)
Variable: numSvThreads
Number of SMB server threads (number of threads of smb_Server). (see
smb_Server in smb.c).
Value : Stats
-Type : QWORD
-Default : 1000 (CM_CONFIGDEFAULT_STATS)
+Type : DWORD
+Default : 10000 (CM_CONFIGDEFAULT_STATS)
Variable: cm_initParams.nStatCaches
Cache configuration.
-Value : LogoffTokenTransfer
+Value : LogoffPreserveTokens
Type : DWORD {1,0}
-Default : 1
-Variable: smb_LogoffTokenTransfer
-
- If enabled (set to 1), activates functionality where the user's
- tokens are kept intact until smb_LogoffTokenTransferTimeout seconds
- elapse after user logs off. If roaming profiles are used and the
- roaming profile takes a long time to be written back, this ensures
- that the tokens remain valid until the profile save is complete.
-
-Value : LogoffTokenTransferTimeout
-Type : QWORD
-Default : 10
-Variable: smb_LogoffTokenTransferTimeout
+Default : 0
- See LogoffTokenTransfer above.
+ If enabled (set to 1), the Logoff Event handler will not attempt
+ to delete the user's tokens if the user's profile is stored outside
+ of AFS.
Value : RootVolume
Type : REG_SZ
be relative and suffixed to the reference directory (i.e. directory
where the symlink exists)
+
Value : CachePath
-Type : REG_SZ
-Default : "\AFSCache"
+Type : REG_SZ or REG_EXPAND_SZ
+Default : "%TEMP%\AFSCache"
Variable: cm_CachePath
- Location of on-disk cache file. The default implies the root
- directory of the boot disk
+ Location of on-disk cache file. The default is the SYSTEM account's
+ TEMP directory. The attributes assigned to the file are HIDDEN and
+ SYSTEM.
+
+
+Value : NonPersistentCaching
+Type : DWORD [0..1]
+Default : 0
+Variable: buf_CacheType
+
+ When this registry value is set to a non-zero value, the CachePath
+ value is ignored and the cache data is stored in the windows paging
+ file. This prevents the use of persistent caching (when available)
+ as well as the ability to alter the size of the cache at runtime
+ using the "fs setcachesize" command.
+
+
+Value : ValidateCache
+Type : DWORD [0..2]
+Default : 1
+Variable: buf_CacheType
+
+ This value determines if and when persistent cache validation is
+ performed.
+ 0 - Validation is disabled
+ 1 - Validation is performed at startup
+ 2 - Validation is performed at shutdown
+
Value : TrapOnPanic
Type : DWORD {1,0}
Issues a breakpoint in the event of a panic. (breakpoint: _asm int 3).
Value : NetbiosName
-Type : REG_SZ
+Type : REG_EXPAND_SZ
Default : "AFS"
Variable: cm_NetbiosName
Specifies the NetBIOS name to be used when binding to a Loopback
- adapter.
+ adapter. To provide the old behavior specify a value of
+ "%COMPUTERNAME%-AFS"
Value : IsGateway
Type : DWORD {1,0}
or various error types to be logged.
Value : TraceBufferSize
-Type : QWORD
+Type : DWORD
Default : 5000 (CM_CONFIGDEFAULT_TRACEBUFSIZE)
Variable: traceBufSize
Default : "i386_nt40"
Variable: cm_sysName
- Self explanatory.
+ Provides an initial value for "fs sysname". The string can contain
+ one or more replacement values for @sys in order of preference separated
+ by whitespace.
Value : SecurityLevel
Type : DWORD {1,0}
In order to enable OpenAFS to operate across the Cisco IPSec VPN
client, this value must be set to 1264 or smaller.
+Value : ConnDeadTimeout
+Type : DWORD
+Default : 60 (seconds)
+Variable: ConnDeadtimeout
+
+ The Connection Dead Time is enforced to be at a minimum 15 seconds
+ longer than the minimum SMB timeout as specified by
+
+ HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
+ SessTimeout
+
+ If the minimum SMB timeout is not specified the value is 45 seconds.
+ See http://support.microsoft.com:80/support/kb/articles/Q102/0/67.asp
+
+
+Value : HardDeadTimeout
+Type : DWORD
+Default : 120 (seconds)
+Variable: HardDeadtimeout
+
+ The Hard Dead Time is enforced to be at least double the ConnDeadTimeout.
+ The provides an opportunity for at least one retry.
+
+
+Value : TraceOption
+Type : DWORD {0-7}
+Default : 0
+
+ Enables logging of debug output to the Windows Event Log.
+ Bit 0 enables logging of "Logon Events" processed by the Network Provider
+ and Winlogon Event Notification Handler.
+ Bit 1 enables logging of events captured by the AFS Client Service.
+ Bit 2 enables real-time viewing of "fs trace" logging with DbgView
+ or similar tools.
+
Value : AllSubmount
Type : DWORD {0, 1}
Default : 1
will not be created. This allows the read-write versions of
root.afs to be hidden.
+Value : NoFindLanaByName
+Type : DWORD {0, 1}
+Default : 0
+
+ Disables the attempt to identity the network adapter to use by
+ looking for an adapter with a display name of "AFS".
+
+Value : MaxCPUs
+Type : DWORD {1..32} or {1..64} depending on the architecture
+Default : <no default>
+
+ If this value is specified, afsd_service.exe will restrict itself
+ to executing on the specified number of CPUs if there are a greater
+ number installed in the machine.
+
+ NOTE: Setting this entry to "1" may be required on hyperthreaded
+ systems to avoid crashes in the RX library.
+
+Value : smbAuthType
+Type : DWORD {0..2}
+Default : 2
+
+ If this value is specified, it defines the type of SMB authentication
+ which must be present in order for the Windows SMB client to connect
+ to the AFS Client Service's SMB server. The values are:
+ 0 = No authentication required
+ 1 = NTLM authentication required
+ 2 = Extended (GSS SPNEGO) authentication required
+ The default is Extended authentication
+
+Value : MaxLogSize
+Type : DWORD {0 .. MAXDWORD}
+Default : 100K
+
+ This entry determines the maximum size of the %WINDIR%\TEMP\afsd_init.log
+ file. If the file is larger than this value when afsd_service.exe starts
+ the file will be reset to 0 bytes. If this value is 0, it means the file
+ should be allowed to grow indefinitely.
+
+Value : FlushOnHibernate
+Type : DWORD {0,1}
+Default : 1
+
+ If set, flushes all volumes before the machine goes on hibernate or
+ stand-by.
Regkey:
-[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters\GlobalAutoMapper]
+
+Value : <Drive Letter:> for example "G:"
+Type : SZ
+
+ Specifies the submount name to be mapped by afsd_service.exe at startup
+ to the provided drive letter.
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client]
+
+Value : CellServDBDir
+Type : REG_SZ
+Default : <not defined>
+
+ Specifies the directory containing the CellServDB file.
+ When this value is not specified, the AFS Client install
+ directory is used.
+
+
+Value : VerifyServiceSignature
+Type : REG_DWORD
+Default : 0x1
+
+ This value can be used to disable the runtime verification of
+ the digital signatures applied to afsd_service.exe and the
+ OpenAFS DLLs it loads. This test is performed to verify that
+ the DLLs which are loaded by afsd_service.exe are from the
+ same distribution as afsd_service.exe. This is to prevent
+ random errors caused when DLLs from one distribution of AFS
+ are loaded by another one. This is not a security test. The
+ reason for disabling this test is to free up additional memory
+ which can be used for a large cache size.
+
+
+Value : IoctlDebug
+Type : REG_DWORD
+Default : 0x0
+
+ This value can be used to debug the cause of pioctl() failures.
+ Set a non-zero value and the pioctl() library will output status
+ information to stdout. Executing command line tools such as
+ tokens.exe, fs.exe, etc can then be used to determine why the
+ pioctl() call is failing.
+
+
+Value : MiniDumpType
+Type : REG_DWORD
+Default : 0x0 (MiniDumpNormal)
+
+ This value is used to specify the type of minidump generated by
+ afsd_service.exe either when the process crashes or when a user
+ initiated is dump file is generated with the "fs.exe minidump"
+ command.
+
+ Valid values are dependent on the version of DbgHelp.dll installed
+ on the machine. See the Microsoft Developer Library for further
+ information.
+
+ MiniDumpNormal = 0x00000000,
+ MiniDumpWithDataSegs = 0x00000001,
+ MiniDumpWithFullMemory = 0x00000002,
+ MiniDumpWithHandleData = 0x00000004,
+ MiniDumpFilterMemory = 0x00000008,
+ MiniDumpScanMemory = 0x00000010,
+ MiniDumpWithUnloadedModules = 0x00000020,
+ MiniDumpWithIndirectlyReferencedMemory = 0x00000040,
+ MiniDumpFilterModulePaths = 0x00000080,
+ MiniDumpWithProcessThreadData = 0x00000100,
+ MiniDumpWithPrivateReadWriteMemory = 0x00000200,
+ MiniDumpWithoutOptionalData = 0x00000400,
+ MiniDumpWithFullMemoryInfo = 0x00000800,
+ MiniDumpWithThreadInfo = 0x00001000,
+ MiniDumpWithCodeSegs = 0x00002000
+
+
+Value : StoreAnsiFilenames
+Type : REG_DWORD
+Default : 0x0
+
+ This value can be used to force the AFS Client Service to
+ store filenames using the Windows system's ANSI character set
+ instead of the OEM Code Page character set which has traditionally
+ been used by SMB file systems.
+
+ Note: The use of ANSI characters will render access to files
+ with 8-bit OEM file names unaccessible from Windows. This option
+ is of use primarily when you wish to allow file names produced
+ on Windows to be accessible from Latin-1 Unix systems and vice
+ versa.
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\CSCPolicy]
+
+Value : "smb/cifs share name"
+Type : REG_SZ
+Default : <none>
+
+ This key is used to map SMB/CIFS shares to Client Side Caching
+ (off-line access) policies. For each share one of the following
+ policies may be used: "manual", "programs", "documents", "disable"
+
+ These values used to be stored in afsdsbmt.ini
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Freelance]
+
+Value : "numeric value"
+Type : REG_SZ
+Default : <none>
+
+ This key is used to store dot terminated mount point strings
+ for use in constructing the fake root.afs volume when Freelance
+ (dynamic roots) mode is activated.
+
+ "athena.mit.edu#athena.mit.edu:root.cell."
+ ".athena.mit.edu%athena.mit.edu:root.cell."
+
+ These values used to be stored in afs_freelance.ini
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Freelance\Symlinks]
+
+Value : "numeric value"
+Type : REG_SZ
+Default : <none>
+
+ This key is used to store a dot terminated symlink strings
+ for use in constructing the fake root.afs volume when Freelance
+ (dynamic roots) mode is activated.
+
+ "linkname:destination-path."
+ "athena:athena.mit.edu."
+ "home:athena.mit.edu\user\j\a\jaltman."
+ "filename:path\file."
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Submounts]
+
+Value : "submount name"
+Type : REG_EXPAND_SZ
+Default : <none>
+
+ This key is used to store mappings of unix style AFS paths
+ to submount names which can be referenced as UNC paths.
+ For example the submount string "/athena.mit.edu/user/j/a/jaltman"
+ can be associated with the submount name "jaltman.home".
+ This can then be referenced as the UNC path \\AFS\jaltman.home.
+
+ These values used to be stored in afsdsbmt.ini
+
+ NOTE: Submounts should no longer be used with OpenAFS.
+ Use the Windows Explorer to create drive mappings to AFS UNC
+ paths instead of using the AFS Submount mechanism.
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\VLDB]
+
+Value : "hostname or ip address"
+Type : REG_DWORD
+Default : <none>
+
+ This key is used to specify a default set of VLDB server preferences.
+ For each entry the value name will be either the IP address of a server
+ or a fully qualified domain name. The value will be the ranking. The
+ ranking will be adjusted by a random value between 0 and 256 prior to
+ the preference being set.
+
+
+Regkey:
+[HKLM\SOFTWARE\OpenAFS\Client\Server Preferences\File]
+
+Value : "hostname or ip address"
+Type : REG_DWORD
+Default : <none>
+
+ This key is used to specify a default set of File server preferences.
+ For each entry the value name will be either the IP address of a server
+ or a fully qualified domain name. The value will be the ranking. The
+ ranking will be adjusted by a random value between 0 and 256 prior to
+ the preference being set.
+
2. Network provider parameters
------------------------------
-Affects the network provider (aklogon.dll).
+Affects the network provider (afslogon.dll).
Regkey:
[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters]
Value : AuthentProviderPath
Type : REG_SZ
-NSIS : <install path>\afslogon.dll
+NSIS : %WINDIR%\SYSTEM32\afslogon.dll
Specifies the install location of the authentication provider dll.
depends. Windows should not attempt to start the AFS Client Service
until all of the specified services have successfully started.
-Value : LogonOptions
-Type : DWORD
-NSIS : depends on user configuration
+Value : Name
+Type : REG_SZ
+NSIS : "OpenAFSDaemon"
+
+ Specifies the display name of the AFS Client Service
+
+Value : ProviderPath
+Type : REG_SZ
+NSIS : %WINDIR%\SYSTEM32\afslogon.dll
+
+ Specifies the DLL to use for the network provider
+
+
+2.1 Domain specific configuration keys for the Network Provider
+---------------------------------------------------------------
+
+The network provider can be configured to have different behavior
+depending on the domain that the user logs into. These settings are
+only relevant when using integrated login. A domain refers to an
+Active Directory (AD) domain, a trusted Kerberos (non-AD) realm or the
+local machine (i.e. local account logins). The domain name that is
+used for selecting the domain would be the domain that is passed into
+the NPLogonNotify function of the network provider.
+
+Domain specific registry keys are :
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+ (NP key)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
+ (Domains key)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
+ (Specific domain key. One per domain.)
+
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+ (Localhost key)
+
+eg:
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider
+ |
+ +- Domain
+ +-AD1.EXAMPLE.COM
+ +-AD2.EXAMPLE.NET
+ +-LOCALHOST
+
+Each of the domain specific keys can have the set of values described
+in 2.1.1. The effective values are chosen as described in 2.1.2.
+
+2.1.1 Domain specific configuration values
+-------------------------------------------
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\"domain name"]
+[HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]
+
+ Value : LogonOptions
+ Type : DWORD
+ Default : 0x01
+ NSIS/WiX: depends on user configuration
0x00 - Integrated Logon is not used
0x01 - Integrated Logon is used
High Security Mode generates random SMB names for the creation of
Drive Mappings. This mode should not be used without Integrated Logon.
-Value : LogonScript
-Type : REG_SZ
-NSIS : <install path>\afscreds.exe -:%s -x
+ As of 1.3.65 the SMB server supports SMB authentication. The High
+ Security Mode should not be used when using SMB authentication
+ (SMBAuthType setting is non zero).
- Specifies the command to be executed at the end of successful logon.
+ Value : FailLoginsSilently
+ Type : DWORD (1|0)
+ Default : 0
+ NSIS/WiX: (not set)
-Value : Name
-Type : REG_SZ
-NSIS : "OpenAFSDaemon"
+ If true, does not display any visible warnings in the event of an
+ error during the integrated login process.
- Specifies the display name of the AFS Client Service
+ Value : LogonScript
+ Type : REG_SZ or REG_EXPAND_SZ
+ Default : (null)
+ NSIS/WiX: (only value under NP key) <install path>\afscreds.exe -:%s -x -a -m -n -q
-Value : ProviderPath
-Type : REG_SZ
-NSIS : <install path>\afslogon.dll
+ A logon script that will be scheduled to be run after the profile
+ load is complete. If using the REG_EXPAND_SZ type, you can use
+ any system environment variable as "%varname%" which would be
+ expanded at the time the network provider is run. Optionally
+ using a "%s" in the value would result in it being expanded into
+ the AFS SMB username for the session.
- Specifies the DLL to use for the network provider
+ Value : LoginRetryInterval
+ Type : DWORD
+ Default : 30
+ NSIS/WiX: (not set)
+
+ If the OpenAFS client service has not started yet, the network
+ provider will wait for a maximum of "LoginRetryInterval" seconds
+ while retrying every "LoginSleepInterval" seconds to check if the
+ service is up.
+
+ Value : LoginSleepInterval
+ Type : DWORD
+ Default : 5
+ NSIS/WiX: (not set)
+
+ See description of LoginRetryInterval.
+
+ Value : TheseCells
+ Type : REG_MULTI_SZ
+ NSIS : <not set>
+
+ When Kerberos 5 is being used, TheseCells provides a list of additional
+ cells for which tokens should be obtained with the default Kerberos 5
+ principal.
-Value : VerboseLogging
-Type : DWORD
-NSIS : 0x0a
- Determines the level of logging to be enabled
+2.1.2 Selection of effective values for domain specific configuration
+----------------------------------------------------------------------
+
+ During login to domain X, where X is the domain passed into
+ NPLogonNotify as lpAuthentInfo->LogonDomainName or the string
+ 'LOCALHOST' if lpAuthentInfo->LogonDomainName equals the name of the
+ computer, the following keys will be looked up.
+
+ 1. NP key. ("HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider")
+ 2. Domains key. (NP key\"Domain")
+ 3. Specific domain key. (Domains key\X)
+
+ If the specific domain key does not exist, then the domains key will
+ be ignored. All the configuration information in this case will
+ come from the NP key.
+
+ If the specific domain key exists, then for each of the values
+ metioned in (2), they will be looked up in the specific domain key,
+ domains key and the NP key successively until the value is found.
+ The first instance of the value found this way will be the effective
+ for the login session. If no such instance can be found, the
+ default will be used. To re-iterate, a value in a more specific key
+ supercedes a value in a less specific key. The exceptions to this
+ rule are stated below.
+
+2.1.3 Exceptions to 2.1.2
+--------------------------
+
+ To retain backwards compatibility, the following exceptions are made
+ to 2.1.2.
+
+2.1.3.1 'FailLoginsSilently'
+
+ Historically, the 'FailLoginsSilently' value was in
+ HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
+ key and not in the NP key. Therefore, for backwards compatibility,
+ the value in the Parameters key will supercede all instances of this
+ value in other keys. In the absence of this value in the Parameters
+ key, normal scope rules apply.
+
+2.1.3.2 'LogonScript'
+
+ If a 'LogonScript' is not specified in the specific domain key nor
+ in the domains key, the value in the NP key will only be checked if
+ the effective 'LogonOptions' specify a high security integrated
+ login. If a logon script is specified in the specific domain key or
+ the domains key, it will be used regardless of the high security
+ setting. Please be aware of this when setting this value.
3. AFS Credentials System Tray Tool parameters
This value used to be stored at
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
+ The current user value is checked first; if it does not exist the local
+ machine value is checked.
+
+
Value : EnableKFW
Type : DWORD {0, 1}
Default : 1
When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
to obtain AFS credentials. By setting this value to 0, the internal
- Kerberos 4 implementation will be used instead.
+ Kerberos 4 implementation will be used instead. The current user value
+ is checked first; if it does not exist the local machine value is checked.
+
+Value : Use524
+Type : DWORD {0, 1}
+Default : 0
+Function: KFW_use_krb524()
+
+ When MIT Kerberos for Windows can be loaded, Kerberos 5 will be used
+ to obtain AFS credentials. By setting this value to 1, the Kerberos 5
+ tickets will be converted to Kerberos 4 tokens via a call to the krb524
+ daemon. The current user value is checked first; if it does not exist
+ the local machine value is checked.
Value : AfscredsShortcutParams
Type : REG_SZ
Function: Shortcut_FixStartup
This value specifies the command line options which should be set
- as part of the shortcut to afscreds.exe.
+ as part of the shortcut to afscreds.exe. afscreds.exe rewrites the
+ shortcut each time it exits so as to ensure that the shortcut points
+ to the latest version of the program. This value is used to determine
+ which values should be used for command line parameters. The current
+ user value is checked first; if it does not exist the local machine
+ value is checked.
+
+ The following subset of the command line options are appropriate for
+ use in this registry setting:
+
+ -A = autoinit
+ -M = renew drive maps
+ -N = ip address change detection
+ -Q = quiet mode. do not display start service dialog
+ if afsd_service is not already running
+ -S = show tokens dialog on startup
+ -Z = unmap drives
+
+
+Regkey:
+[HKCU\SOFTWARE\OpenAFS\Client]
+
+Value : Authentication Cell
+Type : REG_SZ
+Default : <none>
+Function: Afscreds.exe GetDefaultCell()
+
+ This value allows the user to configure a different cell name to
+ be used as the default cell when acquiring tokens in afscreds.exe
Regkey:
[HKLM\Software\TransarcCorporation\AFS Client\AfsCreds].
+Regkey:
+[HKCU\SOFTWARE\OpenAFS\Client\Active Maps]
+
+Value : "upper case drive letter"
+Type : DWORD {0, 1}
+Default : <none>
+
+ These values are used to store the persistence state of the AFS
+ drive mappings as listed in the [...\Client\Mappings] key
+
+ These values used to be stored in the afsdsbmt.ini file
+
+Regkey:
+[HKCU\SOFTWARE\OpenAFS\Client\Mappings]
+
+Value : "upper case drive letter"
+Type : REG_SZ
+Default : <none>
+
+ These values are used to store the AFS path in Unix notation
+ to which the drive letter is to be mapped.
+
+ These values used to be stored in the afsdsbmt.ini file.
+
+
+ENVIRONMENT VARIABLES:
+
+Variable: AFS_RPC_ENCRYPT
+Values: "OFF" disables the use of RPC encryption
+ any other value allows RPC encryption to be used
+Default: RPC encryption is on
+
+
+Variable: AFS_RPC_PROTSEQ
+Values: "ncalrpc" - local RPC
+ "ncacn_np" - named pipes
+ "ncacn_ip_tcp" - tcp/ip
+Default: local RPC
+