Message-ID: <32d3c05b625f12fdd78d72e5fbcc698f@plan9.bell-labs.com>
Subject: Re: [9fans] secstore
From: presotto@plan9.bell-labs.com
To: 9fans@cse.psu.edu
Date: Wed, 15 May 2002 08:33:41 -0400

To answer lucio, it's not a matter of obscurity. You just don't want the files on a shared file server. If it gets backed up, then a mistake of permissions on the file can last forever in the dump and not be noticed except by attackers.

Whether or not you let others cpu or rx to the machine which is the auth server is a separable question. This still leaves the auth server open to trojan horses and the like. I'd be happier with a standalone auth server that no one can log onto except for a select few. There are fewer mistakes you can make that compromise security. Of course, we don't even do that. Our auth server is also our console server so that everyone that needs console access logs on.