Re: [9fans] a few Q's regarding cpu/auth server

[lucio@proxima.alt.za]

> I honestly can't believe that this is even up for debate!  <grin>
>
> It's just bizarre.

It's not.  Nothing stops one  from putting the extra layer of security
in place, it's just a user-level change, just like it is in Unix to go
 from single-user to multi-user mode.  The fact that no-one has yet
found it necessary or worthwhile speaks volumes.  If you think it's
worth it, then you need to put your money where your mouth is.

As for me, I have way too much trouble understanding a hybrid of MIPS
and PC architecture to worry about securing equipment no one really
seems to want to break into.  You are forgetting that the cost of
security must be commensurate with the risk.  When Plan 9 is popular
enough for random visitors to desire to crack it, then the extra
security will be worth the extra effort.  Until then, we can all save
ourselves the bother, including trying to remember different passwords
for different hosts.

Am I remembering wrong that 2nd Edition had password control on CPU
servers?  I missed it briefly, then forgot about it.  Oh, yes, the
change arose from the new security infrastructure, Bell Labs did not
have the resources to port it so they abandoned it.  I adapted the old
password check for something else, but what with NVRAM's failings and
the effort involved, I never tried to get the CPU server to have a
secured console.

++L

PS: Off the cuff, I'd say that adding auth/as to init(8) on a CPU
server would be almost all that's needed, just like in Unix.  So this
discussion has been quite unnecessary.