Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

fs_setcrypt(1) [xfree86 man page]

FS_SETCRYPT(1)						       AFS Command Reference						    FS_SETCRYPT(1)

NAME
       fs_setcrypt - Enables of disables the encryption of AFS file transfers

SYNOPSIS
       fs setcrypt [-crypt] <on/off> [-help]

DESCRIPTION
       The fs setcrypt command sets the status of network traffic encryption for file traffic in the AFS client. This encryption applies to file
       traffic going to and coming from the AFS File Server for users with valid tokens.  This command does not control the encryption used for
       authentication, which uses Kerberos 5 or klog/kaserver. The complement of this command is fs getcrypt, which shows the status of encryption
       on the client.

       The default encryption status is enabled.

       This is a global setting and applies to all subsequent connections to an AFS File Server from this Cache Manager. There is no way to enable
       or disable encryption for specific connections.

CAUTIONS
       AFS uses an encryption scheme called fcrypt, based on but slightly weaker than DES, and there is currently no way to specify a different
       encryption mechanism. Because fcrypt and DES are obsolete, the user must decide how much to trust the encryption. Consider using a Virtual
       Private Network at the IP level if better encryption is needed.

       Encrypting file traffic requires a token. Unauthenticated connections or connections authorized via IP-based ACLs will not be encrypted
       even when encryption is turned on.

OPTIONS
       -crypt <on/off>
	   This is the only option to fs setcrypt. The -crypt option takes either "on" or "off". "on" enables encryption. "off" disables
	   encryption. Since this is the only option, the "-crypt" flag may be omitted.

	   0 and 1 or "true" and "false" are not supported as replacements for "on" and "off".

       -help
	   Prints the online help for this command. All other valid options are ignored.

OUTPUT
       This command produces no output other than error messages.

EXAMPLES
       There are only four ways to invoke fs setcrypt.	Either of:

	  % fs setcrypt -crypt on
	  % fs setcrypt on

       will enable encryption for authenticated connections and:

	  % fs setcrypt -crypt off
	  % fs setcrypt off

       will disable encryption.

PRIVILEGE REQUIRED
       The issuer must be logged in as the local superuser root.

SEE ALSO
       fs_getcrypt(1)

       The description of the fcrypt encryption mechanism at http://surfvi.com/~ota/fcrypt-paper.txt <http://surfvi.com/~ota/fcrypt-paper.txt>.

COPYRIGHT
       Copyright 2007 Jason Edgecombe <jason@rampaginggeek.com>

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Jason Edgecombe for
       OpenAFS.

OpenAFS 							    2012-03-26							    FS_SETCRYPT(1)

Check Out this Related Man Page

FS_UUID(1)						       AFS Command Reference							FS_UUID(1)

NAME

       fs_uuid - Prints the uuid of the client or generates a new one

SYNOPSIS

       fs uuid [-generate] [-help]

DESCRIPTION

       fs uuid prints the current UUID of an OpenAFS client.  It can optionally force the generation of a new UUID, if needed.	The client UUID is
       used by the fileserver to differentiate clients with the same IP address.

CAUTIONS

       The fs uuid command is only available in OpenAFS versions after 1.4.5 and 1.5.8.  The behavior differs slightly between versions.  In
       OpenAFS 1.4.5 and later, the -generate option is required and the UUID for the client machine is never printed.	OpenAFS versions 1.5.8 and
       later will print the UUID.

OPTIONS

       -generate
	   Generates a new UUID for the cache manager.	This is useful if two clients share the same UUID (if systems were cloned incorrectly, for
	   example).  -generate is optional in OpenAFS versions 1.5.8 and later, but it is required in OpenAFS versions 1.4.5 and later.

       -help
	   Prints the online help for this command.  All other valid options are ignored.

OUTPUT

       fs uuid prints out the current UUID for the client or the new UUID if the -generate option is passed to it.

EXAMPLES

       There are only two ways to invoke fs uuid under 1.5.8 and later:

	  % fs uuid
	  UUID: 8ac66f9308a8e-47d7-80f7-50d0040cddc2

	  % fs uuid -generate
	  New UUID: 436bd660-1720-429508e470cff38f5c6fb0

       Here is the only way to invoke fs uuid under OpenAFS 1.4.5 and later:

	  % fs uuid -generate
	  New uuid generated.

PRIVILEGE REQUIRED

       The issuer must be logged on as the local superuser "root".

SEE ALSO

       fs(1)

COPYRIGHT

       Copyright 2007 Jason Edgecombe <jason@rampaginggeek.com>

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Jason Edgecombe for
       OpenAFS.

OpenAFS 							    2012-03-26								FS_UUID(1)
Man Page