From mboxrd@z Thu Jan 1 00:00:00 1970 MIME-Version: 1.0 In-Reply-To: References: Date: Mon, 10 Oct 2011 17:18:56 +0100 Message-ID: From: Charles Forsyth To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Content-Type: text/plain; charset=UTF-8 Subject: Re: [9fans] p9any auth in u9fs: uid value in ticked is ignored Topicbox-Message-UUID: 35be59fa-ead7-11e9-9d60-3106f5b1d025 Indeed the whole point of Tauth is that the uname in Tattach isn't intended to be trusted on its own, unless supported by an afid that attests to a previous authentication of the uname. (An exception is that many servers only run as the invoking user and don't insist on authentication.) That's the documented protocol. It seems that the servers you mention substitute t.cuid at the attach, but that makes uname relatively pointless: it might just as well not be provided in Tauth since it's effectively ignored. It would be needed in Tattach in case there is no Tauth, but is also effectively ignored in Tattach if there were a Tauth. (In that case, who cares if the two strings are the same if they are irrelevant? What's the point of the server checking?) That isn't the documented protocol. I'm ignoring the devmnt aspect because that's outside the protocol as such. I'm interested in what servers ought to be doing (or perhaps whether the protocol should be change).