9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] cron authentication
@ 2003-07-28 20:47 andrey mirtchovski
  2003-07-28 21:44 ` andrey mirtchovski
  0 siblings, 1 reply; 2+ messages in thread
From: andrey mirtchovski @ 2003-07-28 20:47 UTC (permalink / raw)
  To: 9fans

I got asked today to explain how exactly auth servers, factotum and secstore
work together, and I think I did a pretty good job at it, until I was asked
how authentication proxies (such as cron) would work in Plan 9.

My question is, exactly how does Plan 9's cron work? Does it keep a set of
keys for the different users it speaks for?

I can see from the source that cron does the following dance:

	fork()
	...
	become andrey
	call auth_proxy as andrey
		open factotum/rpc
		... normal authentication ...
	run rexec as andrey
	...
	exit()

but where does it get the key to authenticate?


The archives show this old mail from the time when, presumably, factotum was
still in development:

	> [snip] For example, I can have a hostagent
	> running on my terminal that brokers all authentication for my processes,
	> even ones on cpu servers.  However, when making calls out from a cpu
	> server, I still have to trust the owner of that cpu server to be running
	> a system that does what my processes ask it to.  Hence, I'm trusting the
	> host owner making him a super-user of sorts.  However, the sphere of trust
	> can be much more arbitrary and egocentric and I like that.

	> Cron in such a system becomes much harder.  The cron process has to
	> possess some of my private keys in order to do its job.  I could
	> limit its ability by certifying scripts that it runs but that's more
	> work.  However, I think I'm going to bite the bullet and do it.

Does cron possess this set of private keys?

andrey





* Re: [9fans] cron authentication
  2003-07-28 20:47 [9fans] cron authentication andrey mirtchovski
@ 2003-07-28 21:44 ` andrey mirtchovski
  0 siblings, 0 replies; 2+ messages in thread
From: andrey mirtchovski @ 2003-07-28 21:44 UTC (permalink / raw)
  To: 9fans

I believe I figured it out after a bit of experimenting with it.

What threw me off originally was the fact that I could run auth/cron on
non-auth cpu servers without any problem; however, I realized that the
factotum for the host owner knew how to authenticate to the auth server,
and had the proper capabilities to become me...

at least it stopped working when I deleted the keys from the cpu server's
factotum :)

by the way, do you think that it's a bad idea to give secstore access to a
cpu server's hostowner?

andrey


