[9fans] Fsctotum per user instances?

[9fans] Fsctotum per user instances?

[Rogelio Serrano]

[-- Attachment #1: Type: text/plain, Size: 98 bytes --]

Im trying to underdtand how factotum runs. Is it per user? Or is it more
complicated than that?

[-- Attachment #2: Type: text/html, Size: 104 bytes --]

Re: [9fans] Fsctotum per user instances?

[a]

It can be more complicated than that if you want it to be. ☺

Normally, though, factotum is started once when a user boots a
terminal, and that one instance is used throughout. on a cpu
server, it's slightly more complicated, but not much: there's one
started for the hostowner, and each user gets their own when
they call in. See the calls to auth/factotum in the default profile,
typically set up by /sys/lib/newuser.

Anthony

Re: [9fans] Fsctotum per user instances?

[Charles Forsyth]

[-- Attachment #1: Type: text/plain, Size: 928 bytes --]

an auth/factotum is started by some initialisation code when you boot and
log in to your terminal.
on the cpu server, the same is true for the host owner (the owner of the
cpu service),
but then when you cpu(1) into a cpu server, your profile has a switch on
the service environment variable,
which is "cpu" for an incoming cpu call:

h% cat $home/lib/profile
...
switch($service){
case terminal
...
case cpu
...
bind /mnt/term/mnt/factotum /mnt/factotum
...
}

within cpu, the terminal's name space is available at /mnt/term, so it
simply binds the /mnt/factotum
in that name space onto /mnt/factotum in the cpu server, so you have all
your keys.

Note that this is a simple way in which the use of file servers to provide
system services and resources,
combined with 9P to import and export them, allows an interesting function
to be provided without having
any further code or special protocols.

[-- Attachment #2: Type: text/html, Size: 1528 bytes --]

Re: [9fans] Fsctotum per user instances?

[Rogelio Serrano]

[-- Attachment #1: Type: text/plain, Size: 1328 bytes --]

On Apr 7, 2013 4:40 PM, "Charles Forsyth" <charles.forsyth@gmail.com> wrote:
>
> an auth/factotum is started by some initialisation code when you boot and
log in to your terminal.
> on the cpu server, the same is true for the host owner (the owner of the
cpu service),
> but then when you cpu(1) into a cpu server, your profile has a switch on
the service environment variable,
> which is "cpu" for an incoming cpu call:
>
> h% cat $home/lib/profile
> ...
> switch($service){
> case terminal
> ...
> case cpu
> ...
> bind /mnt/term/mnt/factotum /mnt/factotum
> ...
> }
>
> within cpu, the terminal's name space is available at /mnt/term, so it
simply binds the /mnt/factotum
> in that name space onto /mnt/factotum in the cpu server, so you have all
your keys.
>
> Note that this is a simple way in which the use of file servers to
provide system services and resources,
> combined with 9P to import and export them, allows an interesting
function to be provided without having
> any further code or special protocols.

Awesome! Thanks guys!

So the incoming authentication is handled by the cpu owner factotum? That
means the authentication information is held by the cpu owner factotum and
the user factotum just handles the users keys? And the user factotum is run
after authentication.

[-- Attachment #2: Type: text/html, Size: 1581 bytes --]

Re: [9fans] Fsctotum per user instances?

[erik quanstrom]

> within cpu, the terminal's name space is available at /mnt/term, so it
> simply binds the /mnt/factotum in that name space onto /mnt/factotum
> in the cpu server, so you have all your keys.

there's an important exception to this—when one is running
9term without factotum.  in that case, one needs to start factotum
on the cpu server.

- erik

Re: [9fans] Fsctotum per user instances?

[Yaroslav]

[-- Attachment #1: Type: text/plain, Size: 394 bytes --]

Not exactly. Please refer to /sys/doc/auth.ps |
http://plan9.bell-labs.com/sys/doc/auth.html for overview of the
architecture.

> So the incoming authentication is handled by the cpu owner factotum? That
> means the authentication information is held by the cpu owner factotum and
> the user factotum just handles the users keys? And the user factotum is run
> after authentication.
>

[-- Attachment #2: Type: text/html, Size: 690 bytes --]

Re: [9fans] Fsctotum per user instances?

[Stuart Morrow]

Tip: Any time someone says read auth.ps, take it to mean read
nauth.pdf; auth.ps; nauth.pdf, where nauth.pdf is the slides at
swtch.com

In others words, read overview; details; summary.

I find the auth stuff to be some of the harder stuff to fully
understand, the existence of this thread corroborates that.

Re: [9fans] Fsctotum per user instances?

[Bence Fábián]

[-- Attachment #1: Type: text/plain, Size: 497 bytes --]

Include a link if you're reffering something.
It helps a lot.

http://swtch.com/~rsc/talks/nauth.pdf

2013/4/8 Stuart Morrow <morrow.stuart@gmail.com>

> Tip: Any time someone says read auth.ps, take it to mean read
> nauth.pdf; auth.ps; nauth.pdf, where nauth.pdf is the slides at
> swtch.com
>
> In others words, read overview; details; summary.
>
> I find the auth stuff to be some of the harder stuff to fully
> understand, the existence of this thread corroborates that.
>
>

[-- Attachment #2: Type: text/html, Size: 1103 bytes --]