Re: [9fans] terminal level authentication

[Heiko Dudzus <heiko.dudzus@gmx.de>]

Hi Fernan,

> I recently put together a small plan 9 network.
>
> I noticed that just about anyone can access the terminal,
> because it does not ask for authentication when I log in.
> It will only ask for my password when access the cpu server
> or import from the servers.
>
> I am not sure if it was a mistake on my part that I might
> have overlooked a step. If so can you pls tell me which steps?

This is right.  The resources on a standalone terminal aren't
protected from the user (=hostowner) by password (or any other
method of authentication)

(We had a discussion about this regarding notebooks some weeks before
on the 9fans list.)

Terminals are meant to boot from a fileserver and to not have the
operating system installed on local disks.  You need to authenticate
with password (perhaps via sectore key) when you boot a terminal from
fileserver.

If you do have a local installed Plan 9 system (e.g. on notebooks)
you perhaps will only want to use that for temporary use in situations
when you are unconnected to any Plan 9 authdom you have an account
for.

This all is intended by design.  These ideas are described in
http://plan9.bell-labs.com/sys/doc/9.ps and
http://plan9.bell-labs.com/sys/doc/auth.ps describes the
authentication and security infrastructures.

> Assuming I did not make a mistake during the installation.
> If a user decided to make use of the terminals disks
> to store data, what protects these data from other users? Ofcourse
> this would be irrelevant if the terminals where made of diskless
> machines which relies on the fileserver to provide the disk space.
>
> As I understand it, Just installing the distro form the bell labs site.
> The reulting machine is a standalone terminal.

yes.

> If I decide to follow the configuring the cpu server in the wiki,
> this will give me a cpu server.

yes.

Heiko