Hi Bob,

RL Bob Morgan <[EMAIL PROTECTED]> writes:

> I seem to recall some discussion long ago on info-afs regarding encryption
> of file service traffic between AFS client and AFS server.  As I recall it
> was said at the time that this capability was present in standard AFS
> clients and servers, but that the setting to turn it on in the client was
> not documented and presumably not supported.  Can anyone confirm or deny
> whether in fact this capability exists?

When developing a free international version of librxkad I played
around a bit with this. It turns out that the Transarc file servers
are capable of encrypting traffic if clients request so. By linking
in the new librxkad in the kernel it is possible to optionally enable
encryption. If it's possible to do this with the standard software I
don't know; you probably have to read the sources to figure this
out. Look for a call to rxkad_NewClientSecurityObject(int level, ...);
level should be set to rxkad_crypt, i.e. 2.

> I believe that our site would find it useful for this to be a
> standard supported feature.

Beware that the encryption routines may create a serious bottleneck in
the file server if too many clients enable it. The vanilla librxkad
seems to be untuned and is probably not even compiled with
optimization enabled. It's quite easy to beat it by an order of
magnitude.

Cheers,
Björn

-- 
  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: [EMAIL PROTECTED], Phone +46 -8 752 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 
