Are AFS file transfers encrypted?

Harald Barth haba at pdc.kth.se
Fri Sep 16 23:56:43 CEST 2005



> 1) I know the Kerberos auth is encrypted, and that the tokens
> are encrypted. But can people sniff or even modify
> filedata that I'm reading?

Stuff you access as system:anyuser is of course not encrypted. Stuff
you access authenticated is either only checksummed (to make spoofing
more difficult) or even encrypted if configured to do so. The fs
*crypt* commands can turn that on and off on a per-client basis. Code
for finer-grained control (one could think of making volumes or
user's stuff to require encryption) has not been written. The
encryption is not very strong (it probably was 1990). I would not say:
"You get these $1000 if you can tell me the contents of this file"
because I want to keep my $1000. $100 maybe. $10 sure. I hear that
better encryption is worked on but I have not seen any prototype yet.

> 2) If so, how is the encryption established?
> With SSH, I had to click YES the first time
> I connect to a server (to trust the public key is not tampered).
> But with Kerberos and AFS, I never had to do that.
> Can someone help clarify for me (or point me to where
> to read more)?

The encryption is based on your Kerberos keys. Remember that KeyFile
you put on your AFS server(s)? (Insert nifty picture here with KDC,
AFS server and your ticket file). Both you in your ticket file and
your AFS server share a secret with the KDC. From that you can build
the encryption key.

Please correct me if I'm wrong.

Harald.
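
An added example, not part of the original post: a simplified model of the shared-secret exchange described in the answer to question 2, showing why no SSH-style "trust this key?" prompt is needed. All function names are hypothetical, the keys and data are constructed, and the HMAC-based cipher is a stand-in, not the cipher or wire format AFS uses.

```python
import hashlib, hmac, json, os

def _sub(key, label):  # separate sub-keys for encryption and integrity
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy keystream: HMAC-SHA256 in counter mode, a stand-in for the real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def rejected(key, blob):
    try:
        unseal(key, blob)
    except ValueError:
        return True
    return False

def kdc_issue(user_key, server_key, user):
    # The KDC knows both long-term secrets and invents a fresh session key.
    session = os.urandom(32)
    ticket = seal(server_key, json.dumps({"user": user, "session": session.hex()}).encode())
    return seal(user_key, session), ticket  # first part for the user, second for the server

def server_accept(server_key, ticket):
    body = json.loads(unseal(server_key, ticket))
    return body["user"], bytes.fromhex(body["session"])

def demo():
    user_key = hashlib.sha256(b"constructed password").digest()  # constructed sample
    keyfile_key = hashlib.sha256(b"constructed KeyFile key").digest()  # server's secret
    reply, ticket = kdc_issue(user_key, keyfile_key, "alice")
    client_session = unseal(user_key, reply)  # what ends up in the ticket file
    user, server_session = server_accept(keyfile_key, ticket)
    wire = seal(server_session, b"file data")  # server to client, under the session key
    return user, client_session, server_session, ticket, wire
```

A server that does not hold the KeyFile key cannot open the ticket, so it never learns the session key; that is the check that replaces the SSH host-key prompt.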




