From: "Alberto Cortés" <alcortes@it.uc3m.es>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] security model
Date: Thu, 1 Feb 2007 16:54:48 +0100 [thread overview]
Message-ID: <20070201155448.GB8100@wolf.gast.it.uc3m.es> (raw)
In-Reply-To: <4a591bc90702010244p226d9a1fl43576e2134ef349a@mail.gmail.com>
Phil Kulin said:
> I intsalled combined cpu/auth server
> I need some explanatories for plan9 security model, because I have
> some troubles with undestanding dependences between factotum,secstore
> and keyfs.
>
> First I don't undestand why I must run auth/secstored on my auth
> server.
auth/secstored serves secstore.
A user have its secstore stored in the auth server.
Then a user boots a terminal.
The terminal wants to provide the user with a nice secstore, but
it doesn't have any. The terminal asks the auth server for the
missing secstore by talking to the auth/secstored server running
there.
> In fact keyfs provide to me interface to keys at nvram, and
> secstore provide to me interface to keys at nvram...
> Second I don't undestand what means "password" (after "secstore key")
> in auth/wrkey dialog. System password? Who is a "system password"?
>
> Third I think that I must to add all my permanent auth-server users
> (users with remote terminals) of my "auth domain" to secstore on
> auth-server. But cpu-server users of THIS cpu-server I must add to
> factotum too. I must copy some keys from secstore to factotum at boot
> time if I want to grant access to both auth and cpu servers. Am I
> right?
>
> Forth why noany ask me to password to access to secstore at boot time?
>
> Thanks :)
>
> --
> Phil Kulin
>
--
--
Alberto Cortés
next prev parent reply other threads:[~2007-02-01 15:54 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-01 10:44 Phil Kulin
2007-02-01 13:52 ` erik quanstrom
2007-02-01 22:35 ` Georg Lehner
2007-02-01 22:57 ` C H Forsyth
2007-02-01 22:58 ` Steve Simon
2007-02-01 23:30 ` C H Forsyth
2007-02-01 15:44 ` C H Forsyth
2007-02-01 15:54 ` Alberto Cortés [this message]
2007-02-01 15:31 erik quanstrom
[not found] <0c5a6d53f01894258fb37e168ee08628@coraid.com>
2007-02-01 18:33 ` Phil Kulin
2007-02-01 19:00 ` erik quanstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070201155448.GB8100@wolf.gast.it.uc3m.es \
--to=alcortes@it.uc3m.es \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).