S.J.Chun pisze:
Are you sure on disabling crypt at debian side? For me, it seems that
you turned off crypt at centos(which is turned off by default), and
debian, you did not(which might be turned on by default?)
Crypt in server settings or in client settings? Where can I check this
setting?
I
For debian, /etc/openafs/afs.conf.client in case you installed with package.
There you can find AFS_CRYPT and which should be false to make crypt off
- Original Message -
From: Michał Droździewicz [EMAIL PROTECTED]
To:
Cc: OpenAFS-Info openafs-info@openafs.org
Sent: 08-04-08
S.J.Chun pisze:
For debian, /etc/openafs/afs.conf.client in case you installed with package.
There you can find AFS_CRYPT and which should be false to make crypt off
On CentOS only options for AFS Client (located in
/etc/sysconfig/openafs) are:
AFSD_ARGS=-afsdb -fakestat
On Debian in
S.J.Chun pisze:
For debian, /etc/openafs/afs.conf.client in case you installed with package.
There you can find AFS_CRYPT and which should be false to make crypt off
With crypt disabled I get major speedup (25-31MiB/s) and this is very
similiar to the CentOS results.
So this mistery is
I don't know why on is default; maybe for security reason? Our client
using OpenAFS for service, does not use this feature.
- Original Message -
From: Michał Droździewicz [EMAIL PROTECTED]
To:
Cc: OpenAFS-Info openafs-info@openafs.org
Sent: 08-04-08 18:01:01
Subject: Re:
Michał Droździewicz wrote:
Is AFS_CRYPT really that needed that debian is turning this _ON_ by
default?
One of the benefits that AFS provides over other file systems
is privacy. For that you need crypt to be on.
The Windows client defaults to use of encrypted sessions as well.
smime.p7s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michał Droździewicz wrote:
Jeffrey Altman pisze:
Is AFS_CRYPT really that needed that debian is turning this _ON_ by
default?
One of the benefits that AFS provides over other file systems
is privacy. For that you need crypt to be on.
The
Jeffrey Altman [EMAIL PROTECTED] wrote:
MichaÅ, Droździewicz wrote:
Is AFS_CRYPT really that needed that debian is turning this _ON_ by
default?
One of the benefits that AFS provides over other file systems
is privacy. For that you need crypt to be on.
The Windows client defaults to use
Christopher D. Clausen wrote:
I think the better question is why CentOS has it _OFF_ by default.
Packages should fail safe by being in the safest operating mode by
default.
Agreed but then you get the folks who install AFS and perform
some tests and say NFS is 20 times faster, AFS sucks.
Jeffrey Altman [EMAIL PROTECTED] wrote:
Christopher D. Clausen wrote:
I think the better question is why CentOS has it _OFF_ by default.
Packages should fail safe by being in the safest operating mode by
default.
Agreed but then you get the folks who install AFS and perform
some tests and
Jeffrey Altman pisze:
Is AFS_CRYPT really that needed that debian is turning this _ON_ by
default?
One of the benefits that AFS provides over other file systems
is privacy. For that you need crypt to be on.
The Windows client defaults to use of encrypted sessions as well.
Ok, but if I'll
Jeffrey Altman wrote:
Christopher D. Clausen wrote:
I think the better question is why CentOS has it _OFF_ by default.
Packages should fail safe by being in the safest operating mode by
default.
Agreed but then you get the folks who install AFS and perform
some tests and say NFS is 20
What if OpenSSH left encryption turned off by default so people
could benchmark it against FTP?
According to http://www.globus.org/security/overview.html that's
exactly what the globus versions of the ssh stuff does: As default
turn encryption off in the gsi-ssh so it does not get in the way
Does turning crypt off mean data in transit can be read *and* tampered
with? Or read, but still safe from tampering?
Also, does this imply that a server participating in the public
directory is trusting that all clients are using encryption to connect
to it? Is there a way for a server to
Wesley Chow [EMAIL PROTECTED] wrote:
Does turning crypt off mean data in transit can be read *and*
tampered with? Or read, but still safe from tampering?
Also, does this imply that a server participating in the public
directory is trusting that all clients are using encryption to connect
to
Harald Barth wrote:
But has anyone here on this list experimented with HW-acceleration for
encryption? It might be a good investment for a server (I hope that
my clients should cope).
I doubt you will find a hw engine engine for fcrypt.
smime.p7s
Description: S/MIME Cryptographic Signature
In message [EMAIL PROTECTED],Christopher D. Clausen
writes:
setcrypt off command before running benchmarks. What if OpenSSH left
encryption turned off by default so people could benchmark it against
FTP?
openssh sucks.
___
OpenAFS-info mailing list
Wesley Chow wrote:
Does turning crypt off mean data in transit can be read *and* tampered
with? Or read, but still safe from tampering?
Also, does this imply that a server participating in the public
directory is trusting that all clients are using encryption to connect
to it? Is there a way
I seem to distantly recall some discussion about storing maildir directories
on openafs, but I don't remember if it was safe, discouraged, or otherwise
problematic. Any one see problems with putting maildir in afs?
--
David Bear
College of Public Programs at ASU
602-464-0424
David Bear wrote:
no debug info yet, I'm hoping to avoid that...
Heres the system info.
Windows XP Pro
Openafs 1.5.34
Kerb for windows 3.2
user lisa can go most everyone in afs that she has access to except her
home directory. She can descend paths that are controlled by acls
created by me.
On Apr 8, 2008, at 9:16 AM, Christopher D. Clausen wrote:
David Bear [EMAIL PROTECTED] wrote:
I seem to distantly recall some discussion about storing maildir
directories on openafs, but I don't remember if it was safe,
discouraged, or otherwise problematic. Any one see problems with
putting
David Bear [EMAIL PROTECTED] writes:
I seem to distantly recall some discussion about storing maildir
directories on openafs, but I don't remember if it was safe,
discouraged, or otherwise problematic. Any one see problems with putting
maildir in afs?
The maildir protocol requires
Jeffrey Altman wrote:
Harald Barth wrote:
But has anyone here on this list experimented with HW-acceleration for
encryption? It might be a good investment for a server (I hope that
my clients should cope).
I doubt you will find a hw engine engine for fcrypt.
I agree, but what kind of
On Apr 8, 2008, at 9:49 AM, Russ Allbery wrote:
David Bear [EMAIL PROTECTED] writes:
I seem to distantly recall some discussion about storing maildir
directories on openafs, but I don't remember if it was safe,
discouraged, or otherwise problematic. Any one see problems with
putting
http://www.nofocus.org/maildir/
If you're interested. The patches are a little out of date, but I
could pull the most up-to-date ones and put them up there if there's
interest.
Personally, I've abandoned them and switched to Cyrus.
-rob
On Apr 8, 2008, at 9:25 AM, Robert Banz wrote:
David Bear [EMAIL PROTECTED] writes:
I seem to distantly recall some discussion about storing maildir directories
on openafs, but I don't remember if it was safe, discouraged, or otherwise
problematic. Any one see problems with putting maildir in afs?
HCoop is doing this with courier, and it
26 matches
Mail list logo