From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <873a3482d7cbc73496b64baa73c718a5@proxima.alt.za>
To: 9fans@9fans.net
Date: Mon,  1 Dec 2014 09:00:46 +0200
From: lucio@proxima.alt.za
In-Reply-To: <547C0A85.9090906@gr13.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Factotum vs SASL
Topicbox-Message-UUID: 3087ec42-ead9-11e9-9d60-3106f5b1d025

> The guy in front of the console should authenticate as a normal user
> and then only be allowed to access his own environment (no direct
> control over hw, etc).

The guy is not in front of the "console", he has physical and
therefore unrestricted access to all the resources in the terminal.  A
CPU or file server is used to offer limited access to restricted
resources.  The terminal user is meant not to have physical access to
such devices.

It's no use bucking against that paradigm, it is fundamental to Plan
9's design.

Lucio.

PS: An auth server is meant to be kept under lock and key, separate
from the open network.  That does not normally happen, but it is
designed to be possible.