Index: server/common/oursrc/accountadm/admof.c =================================================================== --- server/common/oursrc/accountadm/admof.c (revision 906) +++ server/common/oursrc/accountadm/admof.c (revision 907) @@ -141,5 +141,5 @@ die("internal error: pioctl: %m\n"); - if (pr_Initialize(0, (char *)AFSDIR_CLIENT_ETC_DIRPATH, cell) != 0) + if (pr_Initialize(3, (char *)AFSDIR_CLIENT_ETC_DIRPATH, cell) != 0) die("internal error: pr_Initialize failed\n"); Index: server/common/patches/openafs-pts-encrypt.patch =================================================================== --- server/common/patches/openafs-pts-encrypt.patch (revision 907) +++ server/common/patches/openafs-pts-encrypt.patch (revision 907) @@ -0,0 +1,47 @@ +diff --git a/src/ptserver/pts.c b/src/ptserver/pts.c +index 7b90a92..1a329c1 100644 +--- a/src/ptserver/pts.c ++++ b/src/ptserver/pts.c +@@ -176,6 +176,10 @@ GetGlobals(struct cmd_syndesc *as, void *arock) + changed = 1; + sec = 1; + } ++ if (as->parms[22].items) { /* -encrypt */ ++ changed = 1; ++ sec = 3; ++ } + if (as->parms[18].items || as->parms[20].items) { /* -test, -localauth */ + changed = 1; + confdir = AFSDIR_SERVER_ETC_DIRPATH; +@@ -1022,6 +1026,8 @@ add_std_args(register struct cmd_syndesc *ts) + "use local authentication"); + cmd_AddParm(ts, "-auth", CMD_FLAG, CMD_OPTIONAL, + "use user's authentication (default)"); ++ cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL, ++ "encrypt commands"); + } + + /* +diff --git a/src/ptserver/ptuser.c b/src/ptserver/ptuser.c +index fcd9d69..a5f7d16 100644 +--- a/src/ptserver/ptuser.c ++++ b/src/ptserver/ptuser.c +@@ -203,6 +203,8 @@ pr_Initialize(IN afs_int32 secLevel, IN char *confDir, IN char *cell) + code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL); + if (code) { + afs_com_err(whoami, code, "(getting token)"); ++ if (secLevel > 1) ++ return code; + scIndex = 0; + } else { + if (ttoken.kvno >= 0 && ttoken.kvno <= 256) +@@ -215,7 +217,8 @@ pr_Initialize(IN afs_int32 secLevel, IN char *confDir, IN char *cell) + scIndex = 2; + } + sc[2] = +- rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey, ++ rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt : ++ rxkad_clear, &ttoken.sessionKey, + ttoken.kvno, ttoken.ticketLen, + ttoken.ticket); + } Index: server/fedora/specs/openafs.spec.patch =================================================================== --- server/fedora/specs/openafs.spec.patch (revision 906) +++ server/fedora/specs/openafs.spec.patch (revision 907) @@ -1,5 +1,5 @@ --- openafs.spec.orig 2008-04-28 18:13:44.000000000 -0400 +++ openafs.spec 2008-06-03 12:36:29.000000000 -0400 -@@ -240,6 +240,9 @@ +@@ -240,6 +240,10 @@ %endif ExclusiveArch: %{ix86} x86_64 ia64 s390 s390x sparc64 ppc ppc64 @@ -7,9 +7,10 @@ +Patch1000: openafs-scripts.patch +Patch1001: openafs-postinit.patch ++Patch1002: openafs-pts-encrypt.patch + # http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/... Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2 Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2 -@@ -678,6 +681,8 @@ +@@ -678,6 +681,9 @@ # Patch openafs to build a kernel module named "openafs" instead of "libafs" @@ -17,4 +18,5 @@ +%patch1000 -p1 -b .scripts +%patch1001 -p1 -b .postinit ++%patch1002 -p1 -b .pts-encrypt ##############################################################################