From: "Phil Kulin" <schors@gmail.com>
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: [9fans] security model
Date: Thu, 1 Feb 2007 13:44:44 +0300 [thread overview]
Message-ID: <4a591bc90702010244p226d9a1fl43576e2134ef349a@mail.gmail.com> (raw)
I intsalled combined cpu/auth server
I need some explanatories for plan9 security model, because I have
some troubles with undestanding dependences between factotum,secstore
and keyfs.
First I don't undestand why I must run auth/secstored on my auth
server. In fact keyfs provide to me interface to keys at nvram, and
secstore provide to me interface to keys at nvram...
Second I don't undestand what means "password" (after "secstore key")
in auth/wrkey dialog. System password? Who is a "system password"?
Third I think that I must to add all my permanent auth-server users
(users with remote terminals) of my "auth domain" to secstore on
auth-server. But cpu-server users of THIS cpu-server I must add to
factotum too. I must copy some keys from secstore to factotum at boot
time if I want to grant access to both auth and cpu servers. Am I
right?
Forth why noany ask me to password to access to secstore at boot time?
Thanks :)
--
Phil Kulin
next reply other threads:[~2007-02-01 10:44 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-01 10:44 Phil Kulin [this message]
2007-02-01 13:52 ` erik quanstrom
2007-02-01 22:35 ` Georg Lehner
2007-02-01 22:57 ` C H Forsyth
2007-02-01 22:58 ` Steve Simon
2007-02-01 23:30 ` C H Forsyth
2007-02-01 15:44 ` C H Forsyth
2007-02-01 15:54 ` Alberto Cortés
2007-02-01 15:31 erik quanstrom
[not found] <0c5a6d53f01894258fb37e168ee08628@coraid.com>
2007-02-01 18:33 ` Phil Kulin
2007-02-01 19:00 ` erik quanstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4a591bc90702010244p226d9a1fl43576e2134ef349a@mail.gmail.com \
--to=schors@gmail.com \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).