From mboxrd@z Thu Jan  1 00:00:00 1970
To: 9fans@cse.psu.edu
From: "Brian L. Stuart" <blstuart@bellsouth.net>
Date: Sat, 19 Feb 2005 12:37:53 -0600
Message-Id: <20050219183814.GISZ2048.imf19aec.mail.bellsouth.net@p1.stuart.org>
Subject: [9fans] Drawterm and security
Topicbox-Message-UUID: 4e6034aa-eace-11e9-9e20-41e7f4b1d025

I'm about to drive my fist through the monitor.  I think
I'm generally a fairly intelligent person and I generally
understand the Plan9 paper on security, but I'm having
a serious disconnect between that and how it's implemented
in practice.  Last night I was successfully connected between
a Linux box and my Plan9 file/cpu server with drawterm.
This morning I realized that I was unable to authenticate
to sources from the fs/cpu server so started to try to
fix my /lib/ndb/local to address the problem.  Nothing
seemed to work and worse yet, now drawterm is broken with
the infamous "cannot authenticate with p9" message even when
returning to the same /lib/ndb/local.  What exactly are the
necessary and sufficient conditions for making drawterm work
and likewise for access to sources?  auth/debug appears to be
fine and /sys/log/auth also seems fine.  I'm assuming that the
auth=sources... line must be there.  Does it break things to
have additional auth=bootes and authdom=home in the section
that describes the local net?  factotum is the only piece of
the current security system that hasn't seemed like black
magic to me.  Any wisdom is welcome.  Even a recipe would
be welcome at this point.

Brian L. Stuart