9fans - fans of the OS Plan 9 from Bell Labs
From: Eric Grosse <ehg@lucent.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] how do you usually deal with new users and secstore?
Date: Sun,  7 Sep 2003 15:07:00 -0400
Message-ID: <bb53257203a2c45200d77fb9c726e504@plan9.bell-labs.com>
In-Reply-To: <7c0c961ff3835850b345e0aa09ce2209@plan9.ucalgary.ca>

> such a huge password would be impossible to use in our environment,

Yes, such considerations are the reason this is not the default.
I hope someday we can get factotum integrated well enough into
Linux and Windows that you won't feel that way.

> logging in with drawterm can't be expected to remember an 80-character

I thought drawterm's time had passed and people were migrating
to VNC or VMware.  If not, then its security should certainly
be improved (as has been recently discussed).  One item could be
borrowing the code from factotum for getting keys.   By the way,
it's not an 80 character password---just enough randomness for
your environment, packed base64.  60 bits = 10 bytes might be enough.

> on a different topic -- what is the syntax for an rsa key?

It is what you get out of:
    auth/rsagen > ssh.secret.factotum
and should be added to your secstore factotum file.  You then
    auth/rsa2ssh ssh.secret.factotum > ssh.public
and "cat ssh.public >> .ssh/authorized_keys" on your Unix server.
I feel comfortable using the same ssh.public on remote university
accounts, but wouldn't want to use a single password everywhere.

Eric
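
Added example, not part of the original message and not secstore or factotum code: a sketch of the "just enough randomness, packed base64" point above, showing that 60 random bits fit in 10 base64 characters while an 80-character string would carry 480 bits. The function names and the 1e9 guesses-per-second rate are assumptions made for illustration.

```python
import math
import secrets

# Standard base64 alphabet (RFC 4648); each character carries 6 bits.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def chars_needed(bits: int) -> int:
    """Number of base64 characters needed to carry `bits` of randomness."""
    return math.ceil(bits / 6)


def random_secret(bits: int = 60) -> str:
    """Draw random bits from the OS CSPRNG and pack them 6 per character."""
    if bits <= 0:
        raise ValueError("bits must be positive")
    n = chars_needed(bits)
    value = secrets.randbits(n * 6)  # rounded up to whole characters
    return "".join(B64[(value >> (6 * i)) & 0x3F] for i in range(n))


def entropy_bits(secret: str) -> int:
    """Entropy of a secret produced by random_secret(): 6 bits per character."""
    if any(c not in B64 for c in secret):
        raise ValueError("not a base64-alphabet secret")
    return 6 * len(secret)


def years_to_search(bits: int, guesses_per_second: float) -> float:
    """Expected years of exhaustive search (half the key space on average)."""
    seconds_per_year = 365.25 * 24 * 3600
    return (2 ** bits / 2) / guesses_per_second / seconds_per_year


if __name__ == "__main__":
    # The guess rate below is an assumed figure, chosen only for comparison.
    for bits in (40, 60, 128):
        s = random_secret(bits)
        print(f"{bits:4d} bits -> {len(s):2d} chars  {s}  "
              f"~{years_to_search(bits, 1e9):.3g} years at 1e9 guesses/s")
```

The search-time figure only applies to a uniformly random secret; a human-chosen password of the same length carries far less entropy.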


Thread overview: 9+ messages
2003-09-07 17:20 mirtchov
2003-09-07 18:26 ` Eric Grosse
2003-09-07 18:38   ` mirtchov
2003-09-07 19:07     ` Eric Grosse [this message]
2003-09-07 19:25       ` mirtchov
2003-09-07 19:41         ` ron minnich
2003-09-07 20:18           ` boyd, rounin
2003-09-07 20:53           ` matt
2003-09-07 19:13     ` Dan Cross