9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] factotum nits
@ 2002-11-11 18:27 r
  0 siblings, 0 replies; 8+ messages in thread
From: r @ 2002-11-11 18:27 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 377 bytes --]

ipso was written in part to deal with this issue.  i know it's not quite
the same thing as what you're saying, but i use it exclusively to deal
with keys now. if i need to add a key, i put it in with ipso whenever
fgui yells at me.  Although you have to do it twice, the fgui display
shows you all the info you need to put in the key line when editing
with ipso.

-rob

[-- Attachment #2: Type: message/rfc822, Size: 2050 bytes --]

From: rog@vitanuova.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] factotum nits
Date: Mon, 11 Nov 2002 18:16:45 +0000
Message-ID: <95f3ebae36d626c660bd745e0a1929c0@vitanuova.com>

> If you have other nits, say something.

i wondered if it could be useful to have factotum know about writing
to the secstore, so once you've entered a load of keys (with auth/fgui
or whatever) you could ask factotum to write them to the secstore from
which it obtained them, thus obviating the need to remember and
re-enter them (in the open, with an acme that might swap them out) at
a later date.

of course, you'd have to remember to sync that instance of secstore
with any other copies you're maintaining, but you do anyway.

maybe it's too dodgy to have factotum retain the secstore key?


* Re: [9fans] factotum nits
  2002-11-12  7:31 Russ Cox
@ 2002-11-12 16:19 ` Micah Stetson
  0 siblings, 0 replies; 8+ messages in thread
From: Micah Stetson @ 2002-11-12 16:19 UTC (permalink / raw)
  To: 9fans

> > that cause factotum not to find the key to delete.  It
> > would be nice if the format of 'delkey' lines written to
> > the control file was the same as the format of 'key' lines
> > read from there.
>
> done.

Thanks.

Micah




* Re: [9fans] factotum nits
@ 2002-11-12  7:31 Russ Cox
  2002-11-12 16:19 ` Micah Stetson
  0 siblings, 1 reply; 8+ messages in thread
From: Russ Cox @ 2002-11-12  7:31 UTC (permalink / raw)
  To: 9fans

> There's probably a good reason why this was changed, but
> in earlier versions of factotum, the lines that you got
> from reading /mnt/factotum/ctl could be written back to
> that file with 'del' prepended to delete keys.  Now there
> are attributes on the end of the line like '!password?'
> that cause factotum not to find the key to delete.  It
> would be nice if the format of 'delkey' lines written to
> the control file was the same as the format of 'key' lines
> read from there.

done.

we added the !foo? fields so that it was clear what wasn't
being shown.  it was unintentional that that broke the
delkey property.  i put in matching on private fields, so
that you can delkey !password? to remove all keys with
a !password field.  the only pattern allowed for a private
field is !private?.  that is, you can't say

	delkey !password=my.secret

since that would open up a nice dictionary attack.

russ
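
The matching rule described in the message above, as an added C sketch that is not factotum's own source: the names `attr_find` and `delkey_match` are hypothetical, and keys are simplified to space-separated `attr=value` pairs without quoting. A pattern that tries to compare a private (`!`) attribute by value is refused whatever the stored key holds, so a `delkey` write cannot be used to test password guesses.

```c
#include <stdio.h>
#include <string.h>

/* Locate attribute name[0..nl) in a key line; return its value and length. */
static const char *attr_find(const char *line, const char *name, size_t nl, size_t *vlen)
{
    for (const char *p = line; *p; ) {
        while (*p == ' ') p++;
        size_t len = strcspn(p, " ");
        if (len > nl && p[nl] == '=' && memcmp(p, name, nl) == 0) {
            *vlen = len - nl - 1;
            return p + nl + 1;
        }
        p += len;
    }
    return NULL;
}

/* 1 = key matches pattern, 0 = no match, -1 = pattern refused.
 * Pattern tokens are attr=value or attr?; private attributes allow only !attr?.
 * A mismatch never returns early, so -1 does not depend on the key's contents. */
int delkey_match(const char *key, const char *pat)
{
    int matched = 1;
    for (const char *p = pat; *p; ) {
        while (*p == ' ') p++;
        size_t len = strcspn(p, " "), nl = strcspn(p, "=? "), vlen;
        if (len == 0) break;
        if (nl == 0 || nl == len || (p[nl] == '?' && nl + 1 != len))
            return -1;                              /* malformed token */
        int query = (p[nl] == '?');
        if (p[0] == '!' && !query)
            return -1;                              /* refuse !attr=guess */
        const char *v = attr_find(key, p, nl, &vlen);
        if (v == NULL)
            matched = 0;
        else if (!query && (vlen != len - nl - 1 || memcmp(v, p + nl + 1, vlen) != 0))
            matched = 0;
        p += len;
    }
    return matched;
}

int main(void)
{
    /* Constructed sample key; the secret is a placeholder. */
    const char *key = "proto=pass service=ssh user=micah !password=constructed-secret";
    printf("%d\n", delkey_match(key, "service=ssh user=micah !password?"));
    printf("%d\n", delkey_match(key, "!password=constructed-secret"));
    return 0;
}
```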




* Re: [9fans] factotum nits
  2002-11-11 17:35 Russ Cox
@ 2002-11-12  7:16 ` Micah Stetson
  0 siblings, 0 replies; 8+ messages in thread
From: Micah Stetson @ 2002-11-12  7:16 UTC (permalink / raw)
  To: 9fans

> If you have other nits, say something.

There's probably a good reason why this was changed, but
in earlier versions of factotum, the lines that you got
from reading /mnt/factotum/ctl could be written back to
that file with 'del' prepended to delete keys.  Now there
are attributes on the end of the line like '!password?'
that cause factotum not to find the key to delete.  It
would be nice if the format of 'delkey' lines written to
the control file was the same as the format of 'key' lines
read from there.

Of course, the only reason I use that facility is to delete
keys saved erroneously when I mistype a password.  If the
keys that didn't work weren't saved, then it wouldn't
matter to me very much.

Micah




* Re: [9fans] factotum nits
@ 2002-11-11 19:58 Eric Grosse
  0 siblings, 0 replies; 8+ messages in thread
From: Eric Grosse @ 2002-11-11 19:58 UTC (permalink / raw)
  To: 9fans

Instead of teaching a lot of Unix passwords to my factotum via secstore,
I like to use RSA authentication.  Here are the steps:

1. generate a public/private key-pair:
	ramfs -p
	cd /tmp
	aux/ssh_genkey ssh
2. add ssh.secret.factotum to your secstore:
	ipso factotum
3. add ssh.public to .ssh/authorized_keys on your Unix systems.

If you're careful, at step 2 you back up on a second secstore.
You can give .ssh/authorized_keys to anybody setting up accounts
on new machines for you;  that can go in the clear across the
Internet, which may make account management easier.

Presotto suggests that step 1 should be integrated into ipso.

Eric



* Re: [9fans] factotum nits
@ 2002-11-11 18:40 rog
  0 siblings, 0 replies; 8+ messages in thread
From: rog @ 2002-11-11 18:40 UTC (permalink / raw)
  To: 9fans

> if i need to add a key, i put it in with ipso whenever
> fgui yells at me.

from secstore(1):
	"use the command in private"

the conflict between these two is what bothers me.




* Re: [9fans] factotum nits
@ 2002-11-11 18:16 rog
  0 siblings, 0 replies; 8+ messages in thread
From: rog @ 2002-11-11 18:16 UTC (permalink / raw)
  To: 9fans

> If you have other nits, say something.

i wondered if it could be useful to have factotum know about writing
to the secstore, so once you've entered a load of keys (with auth/fgui
or whatever) you could ask factotum to write them to the secstore from
which it obtained them, thus obviating the need to remember and
re-enter them (in the open, with an acme that might swap them out) at
a later date.

of course, you'd have to remember to sync that instance of secstore
with any other copies you're maintaining, but you do anyway.

maybe it's too dodgy to have factotum retain the secstore key?




* Re: [9fans] factotum nits
@ 2002-11-11 17:35 Russ Cox
  2002-11-12  7:16 ` Micah Stetson
  0 siblings, 1 reply; 8+ messages in thread
From: Russ Cox @ 2002-11-11 17:35 UTC (permalink / raw)
  To: 9fans

> Perhaps we could make a factotum nitpick list on the wiki and
> begin thinking about shaping it?  I'd be interested to hear
> what else about it bugs you.

That'd be fine with me, although we might get more
people involved if we used 9fans.  The key deletion issue
is the big external thing that bothers me.  Most of my
other nits are about internals.  The code just isn't that
clean, but no one has had time to clean it up.  The one
we currently use is the second or third complete rewrite
as it is.

Another student at MIT is going to be porting factotum
to Unix in a month or two.  I suspect I'll end up fixing
a bunch of things like this in the Plan 9 one in response.

If you have other nits, say something.


