[9fans] Could factotum call secstorefecth() on demand?

[9fans] Could factotum call secstorefecth() on demand?

[FJ Ballesteros]

If you boot from kfs, IFAIK, this is the order in which
things happen:

- boot asks for boot method (local, in this case).
- boot starts factotum
- factotum can't dial the secstore and forgets about using it.
- termrc configures ipifc
- you boot and try to mount things
- factotum asks for keys since there's no secstore.

I have been starting a second factotum from my profile so that
it could dial the secstore and use it.
But, wouldn't it be possible to make factotum execute the
if(trysecstore) {
        if (havesecstore() == 1)
                ...
code on demand, when it needs a key that is not present?

In case that would be reasonable, where should such call be made?
Or is there a better way I'm missing?

thanks

Re: [9fans] Could factotum call secstorefecth() on demand?

[Russ Cox]

The problem is that then factotum would have the
secstore key, and we've been treating that key as
somehow even more important than what factotum
typically holds.

We really don't want that one to be usable at will.

My profile contains something like:

	ipaddr=`{netstat -i | sed 1q | awk '{print $3}'}
	if(! ~ $#ipaddr 1)
		ipaddr=none
	switch($service) {
	case terminal
		switch($ipaddr) {
		case none
			;
		case *
			if(~ `{wc -l </mnt/factotum/ctl} 0)
				auth/secstore -G factotum | read -m >/mnt/factotum/ctl
		}
	}

to load factotum from secstore without starting
a new one.