NAME

fs_getcrypt - Displays the state of encryption for Cache Manager operations

SYNOPSIS

fs getcrypt [-help]

DESCRIPTION

The fs getcrypt command displays the default encryption mode that the Cache Manager will use when communicating with File Servers and Location Servers via authenticated connections.

The actual use of encryption and the chosen encryption algorithm is determined by the existence of valid rxkad or yfs-rxgk tokens and the security policies (if any) applied to the File Servers.

CAUTIONS

When rxkad tokens are in use, network communications will be encrypted using an encryption algorithm called fcrypt. Fcrypt is based on DES but is slightly weaker. Fcrypt and DES are obsolete. Consider upgrading the cell to use yfs-rxgk to obtain support for AES256 encryption.

Encrypting file traffic requires a token. Unauthenticated connections or connections authorized via IP-based ACLs will not be encrypted even when encryption is turned on.

OPTIONS

-help

Prints the online help for this command. All other valid options are ignored.

OUTPUT

If encryption is enabled, the output is:

   Security level is currently crypt (data security).

If auth is enabled, the output is:

   Security level is auth (data integrity).

If encryption if disabled, the output is:

   Security level is currently clear.

EXAMPLES

There is only one way to invoke fs getcrypt:

   % fs getcrypt

PRIVILEGE REQUIRED

No special privileges are required for this command.

SEE ALSO

aklog(1), fs_setcrypt(1)

The description of the fcrypt encryption mechanism at http://surfvi.com/~ota/fcrypt-paper.txt.

COPYRIGHT

Copyright 2007 Jason Edgecombe <jason@rampaginggeek.com>

This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Jason Edgecombe for OpenAFS.

ACKNOWLEDGEMENTS

"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)

"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)

The "AuriStor" name, log 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).

"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).

"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.