[9fans] factotum question

[9fans] factotum question

[David Leimbach]

[-- Attachment #1: Type: text/plain, Size: 475 bytes --]

Factotum is some guy in the room that, even though you have the phone, you
keep asking what to say next on the line to get authentication to happen.

Is this a bad analogy?
Factotum is available on the client side during authentication via a library
we can use to talk to it.  When we get an "afd" we basically write and read
from it asking our local factotum what to say next?
Is this where the proxying happens?  If so I think I get it... otherwise no
:-)

Dave

[-- Attachment #2: Type: text/html, Size: 577 bytes --]

Re: [9fans] factotum question

[Russ Cox]

On Tue, Mar 10, 2009 at 4:01 PM, David Leimbach <leimy2k@gmail.com> wrote:
> Factotum is some guy in the room that, even though you have the phone, you
> keep asking what to say next on the line to get authentication to happen.
> Is this a bad analogy?

The analogy is exactly right.
Took me a while to parse it
but I don't have a clearer phrasing.

> Factotum is available on the client side during authentication via a library
> we can use to talk to it.  When we get an "afd" we basically write and read
> from it asking our local factotum what to say next?
> Is this where the proxying happens?

Yes.
Russ

Re: [9fans] factotum question

[Skip Tavakkolian]

/sys/doc/auth.ps is much more interesting.

my analogy is that YOU are factotum and your assistant is the program
that you (factotum) will authenticate to the remote system to act on
your behalf.

> Factotum is some guy in the room that, even though you have the phone, you
> keep asking what to say next on the line to get authentication to happen.
>
> Is this a bad analogy?
> Factotum is available on the client side during authentication via a library
> we can use to talk to it.  When we get an "afd" we basically write and read
> from it asking our local factotum what to say next?
> Is this where the proxying happens?  If so I think I get it... otherwise no
> :-)
>
> Dave

Re: [9fans] factotum question

[David Leimbach]

[-- Attachment #1: Type: text/plain, Size: 950 bytes --]

On Tue, Mar 10, 2009 at 5:30 PM, Skip Tavakkolian <9nut@9netics.com> wrote:

> /sys/doc/auth.ps is much more interesting.


Sure, I was reading plan 9 papers in general today... that's likely a good
read :-)

>
>
> my analogy is that YOU are factotum and your assistant is the program
> that you (factotum) will authenticate to the remote system to act on
> your behalf.


Interesting.


>
>
> > Factotum is some guy in the room that, even though you have the phone,
> you
> > keep asking what to say next on the line to get authentication to happen.
> >
> > Is this a bad analogy?
> > Factotum is available on the client side during authentication via a
> library
> > we can use to talk to it.  When we get an "afd" we basically write and
> read
> > from it asking our local factotum what to say next?
> > Is this where the proxying happens?  If so I think I get it... otherwise
> no
> > :-)
> >
> > Dave
>
>
>

[-- Attachment #2: Type: text/html, Size: 1617 bytes --]

Re: [9fans] factotum question

[Antonin Vecera]

I got it! I misunderstand to factotum. :-(
I need to use secstore.

Antonin


On 9/28/07, Antonin Vecera <antonin.vecera@gmail.com> wrote:
> Yes, as I understand each window/process has its own namespace.
> But I guess some sources can be shared among them, f.e. my
> passwords/keys stored in factotum.
> I define my problem again:
> If I login on terminal I can see my factotum keys. That's right.
> But If I login with drawterm I can't see my factotum keys.
> Why?
>
> Maybe I should bind/mount something.
> But both namespaces contain "mount -a '#s/factotum' /mnt".
> Is it not enough?
> auth/factotum in drawterm doesn't help.
>
>
> Antonin
>
>
> On 9/28/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
> > hello
> >
> > I think you should read the paper about the namespaces ;)
> >
> > The factotum is running in the console namespace, when you log in, you
> > create a new namespace, and probably your profile runs auth/factotum,
> > doesn't remember if it is by default.
> >
> > try to play with namespaces under rio, mount things on one window and
> > try to access them from other window, for example.
> >
> > slds.
> >
> > gabi
> >
> >
> >
> > On 9/28/07, Antonin Vecera <antonin.vecera@gmail.com> wrote:
> > > Hi all,
> > >
> > > I don't understand this:
> > >
> > > 1. On console of my auth/cpu/file server I did as user bootes: "cat
> > > /mnt/factotum/ctl"
> > >    And I could see some keys stored there.
> > >
> > > 2. I connect to the same server with drawterm, login as bootes and
> > > type the same command.
> > >    But there are no keys stored there.
> > > Why?
> > >
> > >
> > > Antonin
> > >
> >
>

Re: [9fans] factotum question

[Antonin Vecera]

Yes, as I understand each window/process has its own namespace.
But I guess some sources can be shared among them, f.e. my
passwords/keys stored in factotum.
I define my problem again:
If I login on terminal I can see my factotum keys. That's right.
But If I login with drawterm I can't see my factotum keys.
Why?

Maybe I should bind/mount something.
But both namespaces contain "mount -a '#s/factotum' /mnt".
Is it not enough?
auth/factotum in drawterm doesn't help.


Antonin


On 9/28/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
> hello
>
> I think you should read the paper about the namespaces ;)
>
> The factotum is running in the console namespace, when you log in, you
> create a new namespace, and probably your profile runs auth/factotum,
> doesn't remember if it is by default.
>
> try to play with namespaces under rio, mount things on one window and
> try to access them from other window, for example.
>
> slds.
>
> gabi
>
>
>
> On 9/28/07, Antonin Vecera <antonin.vecera@gmail.com> wrote:
> > Hi all,
> >
> > I don't understand this:
> >
> > 1. On console of my auth/cpu/file server I did as user bootes: "cat
> > /mnt/factotum/ctl"
> >    And I could see some keys stored there.
> >
> > 2. I connect to the same server with drawterm, login as bootes and
> > type the same command.
> >    But there are no keys stored there.
> > Why?
> >
> >
> > Antonin
> >
>

Re: [9fans] factotum question

[erik quanstrom]

> 1. On console of my auth/cpu/file server I did as user bootes: "cat
> /mnt/factotum/ctl"
>    And I could see some keys stored there.
>
> 2. I connect to the same server with drawterm, login as bootes and
> type the same command.
>    But there are no keys stored there.
> Why?

the kernel starts factotum for the hostowner but if you
drawterm in you need to start your own factotum.  generally
this is done from $home/lib/profile.  i think glenda's profile is
missing this case.  this is what i have

[...]
case cpu
	if (test -e /mnt/term/mnt/wsys) {
		# rio already running
		wsys = /mnt/term^`{cat /mnt/term/env/wsys}
		bind -a /mnt/term/mnt/wsys /dev
		if(test -f /mnt/term/dev/label)
			echo -n $sysname > /mnt/term/dev/label
		prompt=($sysname^'; ') ; fn $sysname {}
	}
	bind /mnt/term/dev/cons /dev/cons
	bind /mnt/term/dev/consctl /dev/consctl
	bind -a /mnt/term/dev /dev
	news
	if (! test -e /mnt/term/mnt/wsys) {
		# cpu call from drawterm
		plumber
		auth/factotum
		exec rio
	}
}

- erik

Re: [9fans] factotum question

[Gabriel Diaz]

hello

I think you should read the paper about the namespaces ;)

The factotum is running in the console namespace, when you log in, you
create a new namespace, and probably your profile runs auth/factotum,
doesn't remember if it is by default.

try to play with namespaces under rio, mount things on one window and
try to access them from other window, for example.

slds.

gabi



On 9/28/07, Antonin Vecera <antonin.vecera@gmail.com> wrote:
> Hi all,
>
> I don't understand this:
>
> 1. On console of my auth/cpu/file server I did as user bootes: "cat
> /mnt/factotum/ctl"
>    And I could see some keys stored there.
>
> 2. I connect to the same server with drawterm, login as bootes and
> type the same command.
>    But there are no keys stored there.
> Why?
>
>
> Antonin
>

[9fans] factotum question

[Antonin Vecera]

Hi all,

I don't understand this:

1. On console of my auth/cpu/file server I did as user bootes: "cat
/mnt/factotum/ctl"
   And I could see some keys stored there.

2. I connect to the same server with drawterm, login as bootes and
type the same command.
   But there are no keys stored there.
Why?


Antonin