From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <6f1264d9a3111def5d742c8c67098c4c@terzarima.net> To: 9fans@cse.psu.edu Subject: Re: [9fans] plain passwords and keyfs From: Charles Forsyth Date: Sun, 25 Jul 2004 20:19:36 +0100 In-Reply-To: <25eaf31495573cf9d46858cf0222fc62@quintile.net> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-rwzmfhhjmcgrngnsqmxsibvpzc" Topicbox-Message-UUID: c6e6faea-eacd-11e9-9e20-41e7f4b1d025 This is a multi-part message in MIME format. --upas-rwzmfhhjmcgrngnsqmxsibvpzc Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit it's for the pop3 server side for non-plan9 clients to collect mail by pop3 from a plan 9 mail service using md5 authentication (hash a challenge using a secret), for instance. the protocol requires the server to know the secret, not just a hash of it. as it happens, factotum is in the pop3 server loop on the server, but it doesn't access the secret directly. that's left to authsrv, because it has access to keyfs. either way, something on a server must store the real secret; this way, it's only stored on an auth server, which is potentially better protected and might only do auth serving (for instance). --upas-rwzmfhhjmcgrngnsqmxsibvpzc Content-Type: message/rfc822 Content-Disposition: inline Received: from mail.cse.psu.edu ([130.203.4.6]) by lavoro; Sat Jul 24 14:50:50 BST 2004 Received: from psuvax1.cse.psu.edu (localhost [127.0.0.1]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id D47AF19E85 for ; Sat, 24 Jul 2004 09:48:48 -0400 (EDT) X-Original-To: 9fans@cse.psu.edu Delivered-To: 9fans@cse.psu.edu Received: from localhost (neuromancer.cse.psu.edu [130.203.4.2]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id D675719DB3 for <9fans@cse.psu.edu>; Sat, 24 Jul 2004 09:48:35 -0400 (EDT) Received: from mail.cse.psu.edu ([130.203.4.6]) by localhost (neuromancer [130.203.4.2]) (amavisd-new, port 10024) with LMTP id 03148-03-10 for <9fans@cse.psu.edu>; Sat, 24 Jul 2004 09:48:34 -0400 (EDT) Received: from felix.quintile.net (cpc1-sout4-6-0-cust154.sot3.cable.ntl.com [81.96.207.154]) by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 549F319B0C for <9fans@cse.psu.edu>; Sat, 24 Jul 2004 09:48:34 -0400 (EDT) Message-ID: <25eaf31495573cf9d46858cf0222fc62@quintile.net> From: "Steve Simon" Date: Sat, 24 Jul 2004 14:48:31 +0100 To: 9fans@cse.psu.edu Subject: Re: [9fans] plain passwords and keyfs In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at cse.psu.edu X-BeenThere: 9fans@cse.psu.edu X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu> List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: 9fans-bounces+forsyth=terzarima.net@cse.psu.edu Errors-To: 9fans-bounces+forsyth=terzarima.net@cse.psu.edu Surely the pop3 password in keyfs is now historic (and could be deleted) given that we now have factotum? -Steve --upas-rwzmfhhjmcgrngnsqmxsibvpzc--