From mboxrd@z Thu Jan 1 00:00:00 1970
To: Russ Cox , Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
From: "Brian L. Stuart"
Subject: Re: [9fans] Drawterm and security
In-reply-to: Your message of Sat, 19 Feb 2005 17:42:54 -0500 .
Date: Sat, 19 Feb 2005 17:37:48 -0600
Message-Id: <20050219233809.JSIC2073.imf18aec.mail.bellsouth.net@p1.stuart.org>
Cc:
Topicbox-Message-UUID: 10a02e98-ead0-11e9-9d60-3106f5b1d025

In message , Russ Cox writes:
>> I almost literally heard the bell ring this time. So
>> when I try to initiate an authentication, it's up to the
>> server to tell me what authentication domain he wants to
>> use. Then I look up to find an auth= authdom= entry so
>> that I know who to talk to in order to authenticate
>> in that domain. So if I have an authdom=home entry in my
>> local network section, then anyone who wants to connect
>> to my server will be told to authenticate using the
>> home domain. It's then up to the client to know what
>> auth server to use.
>
>All this is true except that the choice of authdom=home
>does not come from your local network section. The choice
>of authdom comes from factotum, and it offers the client
>a list of possible domains. In particular, it offers any domain
>on a p9sk1 key that isn't marked with role=client.

That makes sense. So putting auth= and authdom= into
the local network section is to tell your clients the
appropriate domain->server mapping for your network, right?

It also raises the question, where does factotum get that
first key so that he has a dom to send out - from nvram?

Thanks,
Brian L. Stuart
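
The two lookups discussed in this exchange, as an added example that is not part of the original message or of the Plan 9 sources: a simplified Python model of the server-side rule (offer the domain of every p9sk1 key not marked role=client) and the client-side mapping from an offered domain to its auth= server. The key lines, ndb entries, and host names are constructed, and the ndb parsing is a simplification of the real format.

```python
import shlex

# Constructed sample data, not taken from the thread.
FACTOTUM_KEYS = """\
key proto=p9sk1 dom=home user=bootes !password=constructed
key proto=p9sk1 dom=work user=brian role=client !password=constructed
key proto=apop server=mail.example user=brian !password=constructed
"""

NDB = """\
ipnet=homenet ip=192.168.1.0 ipmask=255.255.255.0
	auth=authsrv.home.example authdom=home
ipnet=worknet ip=10.0.0.0 ipmask=255.0.0.0
	auth=authsrv.work.example authdom=work
"""

def parse_attrs(line):
    """Split 'a=b c=d flag' into a dict; bare attributes map to ''."""
    attrs = {}
    for tok in shlex.split(line):
        name, _, value = tok.partition("=")
        attrs[name] = value
    return attrs

def offered_domains(keys_text):
    """Server side: domains of p9sk1 keys that are not marked role=client."""
    doms = []
    for line in keys_text.splitlines():
        if not line.startswith("key "):
            continue
        a = parse_attrs(line[4:])
        if a.get("proto") == "p9sk1" and a.get("role") != "client" and "dom" in a:
            doms.append(a["dom"])
    return doms

def auth_server_for(ndb_text, dom):
    """Client side: return auth= from the ndb entry that carries authdom=dom."""
    entries, entry = [], {}
    for line in ndb_text.splitlines():
        if line and not line[0].isspace():  # an unindented line starts a new entry
            entry = {}
            entries.append(entry)
        entry.update(parse_attrs(line))
    for e in entries:
        if e.get("authdom") == dom:
            return e.get("auth")
    return None  # no mapping: the client cannot tell which auth server to ask
```

With the sample data only the home domain is offered, because the work key is marked role=client, and the client resolves home to its auth server through the network entry.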