On 30 Mar 2012, at 11:54, Thomas Smith wrote:
> Can someone explain what this setting does please? Just wondering if it's
> encrypting communications while acquiring tokens ('auth') or providing some
> kind of integrity checks to help avoid or catch data corruption ('data
> integrity') or something else entirely.
rxkad provides three levels of protection for all RPCs. At the lowest level the
user is authenticated, but all data is sent unprotected - an attacker could
hijack your connection, and replace any and all of the data contained with it.
At the middle level, the connection is integrity protected - an attacker can
read all of the data you are sending and receiving, but any attempts to alter
that data will be detected and rejected. At the highest level, the connection
is encrypted - all of the data is protected so that an attacker cannot read or
modify it.
I'm not entirely sure how the descriptions used by Windows map onto these three
protection levels.
Cheers,
Simon.
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
