From mboxrd@z Thu Jan 1 00:00:00 1970 Message-Id: <200301312254.h0VMsF305363@zamenhof.cs.utwente.nl> To: 9fans@cse.psu.edu Subject: Re: [9fans] u9fs In-reply-to: Your message of "Fri, 31 Jan 2003 13:45:13 -0500." <6c298cdff8cac479c72d9fb081f33a52@plan9.bell-labs.com> References: <6c298cdff8cac479c72d9fb081f33a52@plan9.bell-labs.com> From: Axel Belinfante MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <5357.1044053655.1@zamenhof.cs.utwente.nl> Date: Fri, 31 Jan 2003 23:54:15 +0100 Topicbox-Message-UUID: 4bbbcc3a-eacb-11e9-9e20-41e7f4b1d025 > If I wanted to use a different key I could use, for example, > > mount -k 'user=glenda' /srv/sources /n/sources > cpu -k 'user=glenda' -h sources Thanks, I was not aware of this -k feature. > really little point. If you're using .rhosts authentication, > then there's nothing stopping me from making my own > connection to the u9fs service (with aux/9pcon or more > usefully with a 9P filter in front of the kernel) and sending > whatever attach name I want. There's no authentication > here, and I don't want to start pretending there is. I know, but this rhost auth case is not an issue, for me, here, because I don't intend to use it any longer. This all started because I wanted to move from rhost auth to now available p9any auth. So, the .u9fs was meant as 'sort of' equivalent (wrt opt-in/opt-out) to .rhosts in the case of p9any/p9sk1 authentication, for the -luser attach hack. With p9any auth, the plan 9 user can not just be anyone, but is authenticated, right? > It is worth noting, though, that if your Plan 9 system is not listed > in /etc/rhosts.equiv, then users can opt in or out by editing > their .rhosts files already. So you really don't need a .u9fs file. Been there, used that - that is what I depended on so far. However, I wanted to: - get rid of rhosts authentication (the u9fs source advices against it, I don't feel safe; main thing I dislike about it is that a user using it to opt-in for u9fs autonagically also opts-in for rsh etc., which is more than wanted/needed) - instead, use newly available p9any/p9sk1 authentication (by which I loose the opt-in/out feature of rhost with plan 9 system not in host.equiv) - have flexibility by -luser attach name (now I need opt-in/out for the users) That's why I came up with .u9fs -- opt-in/out at the unix side to complement p9any authentication, giving me something functionally similar to rhosts with empty hosts.equiv, but using Plan 9 authentication, resulting in something stronger than rhosts auth, I hope, something no longer also allowing rsh,rlogin, at least mot from the plan 9 systen. Axel.