From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <4170966a3e192d9b86cbbf65ecf5afbc@coraid.com> From: erik quanstrom Date: Thu, 1 Feb 2007 10:31:07 -0500 To: schors@gmail.com, 9fans@cse.psu.edu Subject: Re: [9fans] security model MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Cc: Topicbox-Message-UUID: 0b498546-ead2-11e9-9d60-3106f5b1d025 second try... i'll take a stab at this. On Thu Feb 1 08:34:58 EST 2007, schors@gmail.com wrote: > I intsalled combined cpu/auth server > I need some explanatories for plan9 security model, because I have > some troubles with undestanding dependences between factotum,secstore > and keyfs. > > First I don't undestand why I must run auth/secstored on my auth > server. it is not required. secstore provides secure storage for users. also you don't need to run secstore on the auth server, but for most people that's where it makes sense. > In fact keyfs provide to me interface to keys at nvram, and keyfs provides an interface to /adm/keys*. nvram is something different. on a cpu server, nvram stores the hostowner, and the hostowner's password (secret) and a few other things so the machine can boot without operator intervention. > secstore provide to me interface to keys at nvram... no. secstore is secure storage for users. however, factotum will consult secstore for you and try to load keys from the secstore file called "factotum". you can store anything you'd like in secstore. > > Second I don't undestand what means "password" (after "secstore key") > in auth/wrkey dialog. System password? Who is a "system password"? secstore requires a password before it will allow access. in this case factotum is trying to to retrive the file "factotum" on your behalf. > > Third I think that I must to add all my permanent auth-server users > (users with remote terminals) of my "auth domain" to secstore on > auth-server. secstore storage isn't required. > But cpu-server users of THIS cpu-server I must add to > factotum too. factotum is a proxy, not permanant storage. factotum is like ssh-agent, but it works for all (okay, most) of the authentication types plan 9 requires. the actual secrets go in /adm/keys. see auth(8). > I must copy some keys from secstore to factotum at boot > time if I want to grant access to both auth and cpu servers. Am I > right? nope. factotum is run a login time. the factotum interacts with the user and secstore to compile a list of keys to hand over to various servers as your proxy. > > Forth why noany ask me to password to access to secstore at boot time? bringing it all back home. i assume this is on the auth server. the auth server is a cpu server. the assumption is that there is physical security of this box. the hostowner and key are kept in nvram. if you are not comfortable with this (and you can live with the auth server being down until you're at the console to enter the hostowner and password), you don't need an nvram file and you can wipe it clean on a pc with dd -if /dev/zero -of /dev/$disk/nvram -count 1 - erik