[Disclaimer:
 this file and the mcrypt script are not part of the original CFS
 package distributed by http://www.crypto.com/software. It describes
 only the steps to make the RPM-package working.

 Please send complains and comments to
 mailto:enrico.scholz@informatik.tu-chemnitz.de!]


The following four steps must be done as root; the last ones can be
executed as an ordinary user:

1. Install the package (probably done already):

     $ rpm -U cfs-1.4.1-1.i386.rpm

   (the version ("1.4.1") and release number (1) can vary and perhaps
   the architecture (i368) also.

   To use the mcrypt/ucrypt utilities described below, you will need
   the cfs-utils package too:

    $ rpm -U cfs-utils-1.4.1-1.i386.rpm

2. Add the following line into your /etc/fstab:

   | localhost:/.cfsfs  /mnt/crypt  nfs  port=3049,noauto,noexec,nodev,nosuid,intr,rw,nfsprog=1092830567,nfsvers=2

3. Add the following line into your /etc/exports:

   | /.cfsfs         localhost()

   This enables CFS only over the loopback device. Theoretically it
   works over the net also, but because NFS is a plaintext-protocol it
   would make CFS pointless...

4. Enable the cfsd at startup-time:

     $ chkconfig cfsd on

   Unless you are a fanatic Windoze user, you probably want to start
   the service without rebooting the machine. To do this, just type:

     $ service cfsd start


   Now /mnt/crypt should be mounted and the cfsd be running. First
   thing can be verified by executing "mount", second by calling "ps
   ax". Their output should be similarly to

     $ mount
     ... other stuff ...
     localhost:/.cfsfs on /mnt/crypt type nfs (rw,noexec,nosuid,nodev,port=3049,intr,addr=127.0.0.1)
     
     $ ps ax | grep cfsd
     8828 pts/1    S      0:00 /usr/sbin/cfsd
     1199 pts/55   S      0:00 grep cfsd


Now you can become a normal user and can follow the instructions given
by the original CFS package. I will give some instructions describing
the usage of the 'mcrypt' program in the RPM package:

5. Go into your homedirectory and execute

     $ cmkdir .crypt

   there. It will ask you for a passphrase which must be at least 16
   chars long. For details of cmkdir see its manpage.

6. Create a symlink from /mnt/crypt/${USER} to ~/crypt:
    
     $ ln -s /mnt/crypt/${USER} ~/crypt

7. Call /usr/lib/cfs/mcrypt and enjoy (as long as you can remember
   the 16 char passphrase ;) ). When you are using X-Window and have
   ssh installed, its ssh-X11-ask program will be used to query the
   passphrase. This should protect you against _simple_ attacks
   intercepting X11 input.

8. When you have done your work, detach the mountpoint by calling
   /usr/lib/cfs/ucrypt. Detaching happens automatically after a
   certain time, but ucrypt deletes some lockfiles preventing
   concurent calls of mcrypt on different machines.
