From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 1 Feb 2007 16:54:48 +0100
From: Alberto Cortés
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] security model
Message-ID: <20070201155448.GB8100@wolf.gast.it.uc3m.es>
References: <4a591bc90702010244p226d9a1fl43576e2134ef349a@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <4a591bc90702010244p226d9a1fl43576e2134ef349a@mail.gmail.com>
User-Agent: Mutt/1.5.9i
Content-Transfer-Encoding: quoted-printable
Topicbox-Message-UUID: 0b74f80c-ead2-11e9-9d60-3106f5b1d025

Phil Kulin said:
> I installed a combined cpu/auth server.
> I need some explanations of the plan9 security model, because I have
> some trouble understanding the dependencies between factotum, secstore
> and keyfs.
>
> First, I don't understand why I must run auth/secstored on my auth
> server.

auth/secstored serves secstore.

A user has its secstore stored in the auth server. Then a user boots a
terminal. The terminal wants to provide the user with a nice secstore,
but it doesn't have any. The terminal asks the auth server for the
missing secstore by talking to the auth/secstored server running there.

> In fact keyfs provides me an interface to keys in nvram, and
> secstore provides me an interface to keys in nvram...
> Second, I don't understand what "password" (after "secstore key")
> means in the auth/wrkey dialog. System password? What is a "system password"?
>
> Third, I think that I must add all my permanent auth-server users
> (users with remote terminals) of my "auth domain" to secstore on the
> auth-server. But cpu-server users of THIS cpu-server I must add to
> factotum too. I must copy some keys from secstore to factotum at boot
> time if I want to grant access to both auth and cpu servers. Am I
> right?
>
> Fourth, why does no one ask me for a password to access secstore at boot time?
>
> Thanks :)
>
> --
> Phil Kulin
>

--
Alberto Cortés