From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <8e10ef025f295ae275886fa840d1bc1b@9netics.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Drawterm and security
Date: Sat, 19 Feb 2005 11:52:44 -0800
From: Skip Tavakkolian <9nut@9netics.com>
In-Reply-To: <20050219183814.GISZ2048.imf19aec.mail.bellsouth.net@p1.stuart.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Topicbox-Message-UUID: 4e80eb1e-eace-11e9-9e20-41e7f4b1d025

With drawterm, everything is running on the cpu, and drawterm
is just 'exportfs'ing your local namespace (for things like
keyboard, mouse, etc.).

I'm guessing that YOUR factotum (your authentication agent) is not
running. I've attached dt_factotum, which I got from geoff. You run
it on the cpu (in your drawterm session), once you've successfully
drawterm'ed in.

	term% cat $home/bin/rc/dt_factotum
	#!/bin/rc
	if (! test -f /srv/factotum.$user)
		auth/factotum -s factotum.$user
	mount -b /srv/factotum.$user /mnt

> I'm about to drive my fist through the monitor. I think
> I'm generally a fairly intelligent person and I generally
> understand the Plan9 paper on security, but I'm having
> a serious disconnect between that and how it's implemented
> in practice. Last night I was successfully connected between
> a Linux box and my Plan9 file/cpu server with drawterm.
> This morning I realized that I was unable to authenticate
> to sources from the fs/cpu server so started to try to
> fix my /lib/ndb/local to address the problem. Nothing
> seemed to work and worse yet, now drawterm is broken with
> the infamous "cannot authenticate with p9" message even when
> returning to the same /lib/ndb/local. What exactly are the
> necessary and sufficient conditions for making drawterm work
> and likewise for access to sources? auth/debug appears to be
> fine and /sys/log/auth also seems fine. I'm assuming that the
> auth=sources... line must be there. Does it break things to
> have additional auth=bootes and authdom=home in the section
> that describes the local net? factotum is the only piece of
> the current security system that hasn't seemed like black
> magic to me. Any wisdom is welcome. Even a recipe would
> be welcome at this point.
>
> Brian L. Stuart