* Re: [9fans] factotum/ssh issue
@ 2002-11-11 15:36 Skip Tavakkolian
0 siblings, 0 replies; 4+ messages in thread
From: Skip Tavakkolian @ 2002-11-11 15:36 UTC (permalink / raw)
To: 9fans
(Just a thought!)
What if the client process propagated the final part of the
negotiations to the client factotum, identifying it as 'failed' or
'succeeded'. When the client factotum receives a 'failed', it could
insert a new attribute (maybe 'needkey='). into that tuple. Then
when client factoum gets a 'start' again, user would be prompted,
perhaps with the public attributes of the existing tuple as default.
The reason to use a new attribute instead of 'confirm=' is to make the
distinction of providing defaults or not.
> I have a minor nitpick, though. When I ssh'd into a unix
> box for the first time I was prompted to add the key
> (not real security, but good enough for me), then I was
> asked for the password to the machine. My trigger happy finger
> decided to hit enter, thereby entering a nil password
> and failing to authenticate. Further attempts to
> ssh into the machine failed because factotum stored the
> incorrect password. I needed to become accustomed to
> key management with factotum anyway, but it still seems improper
> to store the password if password authentication fails.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [9fans] factotum/ssh issue
@ 2002-11-11 16:56 Russ Cox
2002-11-11 17:29 ` Sam
0 siblings, 1 reply; 4+ messages in thread
From: Russ Cox @ 2002-11-11 16:56 UTC (permalink / raw)
To: 9fans
> I have a minor nitpick, though. When I ssh'd into a unix
> box for the first time I was prompted to add the key
> (not real security, but good enough for me), then I was
> asked for the password to the machine. My trigger happy finger
> decided to hit enter, thereby entering a nil password
> and failing to authenticate. Further attempts to
> ssh into the machine failed because factotum stored the
> incorrect password. I needed to become accustomed to
> key management with factotum anyway, but it still seems improper
> to store the password if password authentication fails.
I agree. This has bugged me for a while, but I'm
just not sure what to do. If authentication fails,
should the key be silently removed from the key store?
Maybe, but I think that would be just as surprising.
> I looked at removing the server key if ssh password authentication
> fails, but there doesn't seem to be an rpc mechanism in factotum
> to do this.
Nothing is stopping the application from doing
echo delkey whatever >/mnt/factotum/ctl
There are lots of little things about factotum that
bug me.
Russ
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [9fans] factotum/ssh issue
2002-11-11 16:56 Russ Cox
@ 2002-11-11 17:29 ` Sam
0 siblings, 0 replies; 4+ messages in thread
From: Sam @ 2002-11-11 17:29 UTC (permalink / raw)
To: 9fans
> I agree. This has bugged me for a while, but I'm
> just not sure what to do. If authentication fails,
> should the key be silently removed from the key store?
> Maybe, but I think that would be just as surprising.
Indeed.
> Nothing is stopping the application from doing
> echo delkey whatever >/mnt/factotum/ctl
True, but i didn't want to start junking up the source with
hacks until I received some further thoughts. Deleting
the key just didn't *seem* right.
Perhaps we could make a factotum nitpick list on the wiki and
begin thinking about shaping it? I'ld be interested to hear
what else about it bugs you.
Cheers,
Sam
^ permalink raw reply [flat|nested] 4+ messages in thread
* [9fans] factotum/ssh issue
@ 2002-11-11 14:43 Sam
0 siblings, 0 replies; 4+ messages in thread
From: Sam @ 2002-11-11 14:43 UTC (permalink / raw)
To: 9fans
Hola,
We finally stopped working long enough to upgrade
to 4e last week and I have to admit, the first
time I was auto-login'd to a remote unix box
after having stored the key in factotum I was
exuberant.
I have a minor nitpick, though. When I ssh'd into a unix
box for the first time I was prompted to add the key
(not real security, but good enough for me), then I was
asked for the password to the machine. My trigger happy finger
decided to hit enter, thereby entering a nil password
and failing to authenticate. Further attempts to
ssh into the machine failed because factotum stored the
incorrect password. I needed to become accustomed to
key management with factotum anyway, but it still seems improper
to store the password if password authentication fails.
I looked at removing the server key if ssh password authentication
fails, but there doesn't seem to be an rpc mechanism in factotum
to do this.
Cheers,
Sam
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-11-11 17:29 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-11-11 15:36 [9fans] factotum/ssh issue Skip Tavakkolian
-- strict thread matches above, loose matches on Subject: below --
2002-11-11 16:56 Russ Cox
2002-11-11 17:29 ` Sam
2002-11-11 14:43 Sam
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).