On 30 Mar 2012, at 11:54, Thomas Smith wrote: > Can someone explain what this setting does please? Just wondering if it's > encrypting communications while acquiring tokens ('auth') or providing some > kind of integrity checks to help avoid or catch data corruption ('data > integrity') or something else entirely.
rxkad provides three levels of protection for all RPCs. At the lowest level the user is authenticated, but all data is sent unprotected - an attacker could hijack your connection, and replace any and all of the data contained with it. At the middle level, the connection is integrity protected - an attacker can read all of the data you are sending and receiving, but any attempts to alter that data will be detected and rejected. At the highest level, the connection is encrypted - all of the data is protected so that an attacker cannot read or modify it. I'm not entirely sure how the descriptions used by Windows map onto these three protection levels. Cheers, Simon. _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info