doc: clarify setcrypt defaults

Reviewed-on: http://gerrit.openafs.org/10111
Reviewed-by: Jason Edgecombe <jason@rampaginggeek.com>
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 3a24ed9baef178d34b6d0fb3a5f6a485dea9353b)

Change-Id: I2d9cd3c9167e2d67ced609e5be2d173a82b36a28
Reviewed-on: http://gerrit.openafs.org/10136
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/doc/man-pages/pod1/fs_setcrypt.pod b/doc/man-pages/pod1/fs_setcrypt.pod
index 495b415d44e6eefa0ce8e211c59d3d7432510b59..8fda10cf812cc46031375f7e37bc4cb5e14fbd66 100644 (file)
--- a/doc/man-pages/pod1/fs_setcrypt.pod
+++ b/doc/man-pages/pod1/fs_setcrypt.pod
@@ -22,7 +22,11 @@ authentication, which uses Kerberos 5 or klog/kaserver. The complement of
 this command is B<fs getcrypt>, which shows the status of encryption on
 the client.
 
-The default encryption status is enabled.
+The default encryption status is enabled on Windows. It is disabled on all
+non-Windows clients by default. You may enable encryption by default on
+non-Windows platforms by executing B<fs setcrypt -crypt on> immediately
+after the client daemon starts. For example, on Linux, you can do this
+within the SysV init script, or with systemd's ExecStartPost parameter.
 
 This is a global setting and applies to all subsequent connections to an
 AFS File Server from this Cache Manager. There is no way to enable or