9fans - fans of the OS Plan 9 from Bell Labs
From: boyd.roberts@ca-indosuez.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Auth & cron
Date: Tue, 18 Jul 2000 16:42:10 +0200
Message-ID: <41256920.0056816E.00@SNPAR12.>

[-- Attachment #1: Type: text/plain, Size: 1569 bytes --]




but how do you auth the user?  there is no setuid.  you prove
who you are to the auth server by typing a password that is kept
locally and used to authenticate yourself.  maybe things have changed
a bit since the 1st release, but my guess is that the auth design is
more or less the same.

so you gotta enter some data to auth yourself.  this data must _never_
cross the wire.  so if you say server x is my preferred cron server,
just how is server x's cron going to get the auth data to allow the
cron to 'run as you'?  'running as you' is not a matter of uid's, it's
a matter of proving that you are you with the auth data you've been given.

wholesale shipping around private keys from auth to 'trusted' cpu
servers to allow impersonation is just an accident waiting to happen.
you bust the cpu server, you bust the auth server.  and all that
stuff is flying around on the wire.  no, no and no.

god, we may as well go back to rsh/rlogin -- yes, that hideous mess.



(Embedded image moved to file: pic32656.pcx)
"Fco. J. Ballesteros" <nemo@gsyc.escet.urjc.es>
18/07/2000 16:34



Please reply to 9fans@cse.psu.edu

To: 9fans@cse.psu.edu
cc:    (bcc: Boyd ROBERTS/EST/DOSI/BANQUE_INDOSUEZ/FR)
Subject:    [9fans] Auth & cron



[-- Attachment #2: Type: text/plain, Size: 338 bytes --]



Regarding the discussion before about auth & cron,
what about using a cpu server with a cron process running per user w/
cron entries?

What's wrong w/ this approach?

Perhaps I'm missing something.

--
    ()    ascii ribbon campaign - against html mail
    /\                          - against microsoft attachments



[-- Attachment #3: pic32656.pcx --]
[-- Type: application/octet-stream, Size: 2427 bytes --]
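
The property argued for in the reply above (you prove who you are with a secret that never crosses the wire, so a cron host without that secret cannot "run as you"), as an added example that is not part of the original thread and is not Plan 9's actual auth protocol. A generic HMAC challenge-response stands in for it; `AuthServer`, `login`, the user `glenda` and the password are constructed for illustration.

```python
import hashlib, hmac, os

def derive_key(user, password):
    # Key derived locally from the typed password (user name as salt is an assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

def respond(key, nonce):
    # Proof of possession: only a MAC over the nonce is sent, never the key.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class AuthServer:
    def __init__(self):
        self.keys = {}      # user -> key, held only by the auth server
        self.pending = {}   # user -> outstanding nonce

    def enroll(self, user, password):
        self.keys[user] = derive_key(user, password)

    def challenge(self, user):
        self.pending[user] = os.urandom(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)   # single use, so replays fail
        if nonce is None or user not in self.keys:
            return False
        return hmac.compare_digest(respond(self.keys[user], nonce), response)

def login(auth, user, key, wire):
    # 'wire' records every byte string an eavesdropper would see.
    nonce = auth.challenge(user)
    wire.append(nonce)
    resp = respond(key, nonce)
    wire.append(resp)
    return auth.verify(user, resp)

def demo():
    auth, wire = AuthServer(), []
    auth.enroll("glenda", "constructed-password")
    key = derive_key("glenda", "constructed-password")
    user_ok = login(auth, "glenda", key, wire)        # the user, key in hand
    key_on_wire = any(key in msg for msg in wire)     # did the secret leak?
    cron_ok = login(auth, "glenda", os.urandom(32), wire)  # cron host, no key
    auth.challenge("glenda")
    replay_ok = auth.verify("glenda", wire[1])        # replay a captured response
    return user_ok, key_on_wire, cron_ok, replay_ok

if __name__ == "__main__":
    print(demo())
```

The only way for the cron host to pass `verify` here is to hold `key` itself, which is the key-shipping arrangement the message objects to.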
