From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <4a591bc90702010244p226d9a1fl43576e2134ef349a@mail.gmail.com> Date: Thu, 1 Feb 2007 13:44:44 +0300 From: "Phil Kulin" To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: [9fans] security model Topicbox-Message-UUID: 0b3ba430-ead2-11e9-9d60-3106f5b1d025 I intsalled combined cpu/auth server I need some explanatories for plan9 security model, because I have some troubles with undestanding dependences between factotum,secstore and keyfs. First I don't undestand why I must run auth/secstored on my auth server. In fact keyfs provide to me interface to keys at nvram, and secstore provide to me interface to keys at nvram... Second I don't undestand what means "password" (after "secstore key") in auth/wrkey dialog. System password? Who is a "system password"? Third I think that I must to add all my permanent auth-server users (users with remote terminals) of my "auth domain" to secstore on auth-server. But cpu-server users of THIS cpu-server I must add to factotum too. I must copy some keys from secstore to factotum at boot time if I want to grant access to both auth and cpu servers. Am I right? Forth why noany ask me to password to access to secstore at boot time? Thanks :) -- Phil Kulin