From: Ken Dreyer <ktdreyer@ktdreyer.com>
Date: Sat, 27 Jul 2013 15:22:56 +0000 (-0600)
Subject: doc: clarify setcrypt defaults
X-Git-Tag: upstream/1.6.6_pre2^2~139
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5a89d8972d53ec913e1d7eec52955410b568aa86;p=packages%2Fo%2Fopenafs.git

doc: clarify setcrypt defaults

Reviewed-on: http://gerrit.openafs.org/10111
Reviewed-by: Jason Edgecombe <jason@rampaginggeek.com>
Reviewed-by: Michael Laß <lass@mail.uni-paderborn.de>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Tested-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit 3a24ed9baef178d34b6d0fb3a5f6a485dea9353b)

Change-Id: I2d9cd3c9167e2d67ced609e5be2d173a82b36a28
Reviewed-on: http://gerrit.openafs.org/10136
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Ken Dreyer <ktdreyer@ktdreyer.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---

diff --git a/doc/man-pages/pod1/fs_setcrypt.pod b/doc/man-pages/pod1/fs_setcrypt.pod
index 495b415d4..8fda10cf8 100644
--- a/doc/man-pages/pod1/fs_setcrypt.pod
+++ b/doc/man-pages/pod1/fs_setcrypt.pod
@@ -22,7 +22,11 @@ authentication, which uses Kerberos 5 or klog/kaserver. The complement of
 this command is B<fs getcrypt>, which shows the status of encryption on
 the client.
 
-The default encryption status is enabled.
+The default encryption status is enabled on Windows. It is disabled on all
+non-Windows clients by default. You may enable encryption by default on
+non-Windows platforms by executing B<fs setcrypt -crypt on> immediately
+after the client daemon starts. For example, on Linux, you can do this
+within the SysV init script, or with systemd's ExecStartPost parameter.
 
 This is a global setting and applies to all subsequent connections to an
 AFS File Server from this Cache Manager. There is no way to enable or