Index: openafs-1.4.6.dfsg1/src/ptserver/pts.c
===================================================================
--- openafs-1.4.6.dfsg1.orig/src/ptserver/pts.c	2007-08-11 19:54:04.000000000 -0400
+++ openafs-1.4.6.dfsg1/src/ptserver/pts.c	2008-12-19 23:54:55.000000000 -0500
@@ -146,6 +146,8 @@
 	cell = 0;
     if (as->parms[17].items)
 	sec = 0;
+    if (as->parms[20].items) /* -encrypt */
+	sec = 3;
 
     if (as->parms[18].items) {	/* testing? */
 	code = pr_Initialize(sec, AFSDIR_SERVER_ETC_DIRPATH, cell);
@@ -972,6 +974,7 @@
     cmd_AddParm(ts, "-test", CMD_FLAG, CMD_OPTIONAL | CMD_HIDE, test_help);
     cmd_AddParm(ts, "-force", CMD_FLAG, CMD_OPTIONAL,
 		"Continue oper despite reasonable errors");
+    cmd_AddParm(ts, "-encrypt", CMD_FLAG, CMD_OPTIONAL, "encrypt commands");
 }
 
 /*
Index: openafs-1.4.6.dfsg1/src/ptserver/ptuser.c
===================================================================
--- openafs-1.4.6.dfsg1.orig/src/ptserver/ptuser.c	2007-04-10 14:43:45.000000000 -0400
+++ openafs-1.4.6.dfsg1/src/ptserver/ptuser.c	2008-12-19 23:56:27.000000000 -0500
@@ -200,8 +200,11 @@
 	sname.instance[0] = 0;
 	strcpy(sname.name, "afs");
 	code = ktc_GetToken(&sname, &ttoken, sizeof(ttoken), NULL);
-	if (code)
+	if (code) {
+	    if (secLevel > 1)
+		return code;
 	    scIndex = 0;
+	}
 	else {
 	    if (ttoken.kvno >= 0 && ttoken.kvno <= 256)
 		/* this is a kerberos ticket, set scIndex accordingly */
@@ -213,7 +216,8 @@
 		scIndex = 2;
 	    }
 	    sc[2] =
-		rxkad_NewClientSecurityObject(rxkad_clear, &ttoken.sessionKey,
+		rxkad_NewClientSecurityObject((secLevel > 1) ? rxkad_crypt :
+					      rxkad_clear, &ttoken.sessionKey,
 					      ttoken.kvno, ttoken.ticketLen,
 					      ttoken.ticket);
 	}