From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
Date: Sun, 13 Feb 2005 15:03:59 -0500
From: Russ Cox
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] factotum & invalid entries
In-Reply-To: <773e440ebeb76f706118be8d73bfca39@orthanc.cc.titech.ac.jp>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <773e440ebeb76f706118be8d73bfca39@orthanc.cc.titech.ac.jp>
Topicbox-Message-UUID: 083329e0-ead0-11e9-9d60-3106f5b1d025

> > I changed things so that the new keys get inserted at the beginning
> > of the list. That should help a bit.
>
> When the factotum is the one started by kernel on a cpu server,
> adding a new key to the beginning of the list might change the
> authdom which the cpu server running in?

I was working on factotum and I realized that this question
doesn't actually make sense. The cpu server runs in as many
authentication domains as there are p9sk1 server keys in its
factotum. It doesn't matter where you put the key -- beginning
or end of list. In the p9any protocol, factotum will offer as
possible authentication domains all the proto=p9sk1 keys that
have no role attribute or an explicit role=server attribute.

It's not generally safe to be using the cpu server factotum as
your personal one, since adding new role-less p9sk1 keys allows
people in those domains to get in. Probably the key prompt
should make sure to specify a role whenever it asks for a key.

Russ
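
The p9any offer rule described in the message above, as an added example that is not part of the original e-mail or of factotum's source: a Python check over a constructed key list that reports which domains would be offered and which of those keys carry no role. The `key attr=value` line layout with rc-style quoting, the `dom` attribute and the `role=client` value are assumptions about factotum's key syntax, not taken from this message.

```python
import re

# One word: unquoted characters and/or rc-style 'quoted' runs ('' is a literal quote).
WORD = re.compile(r"(?:[^\s']|'(?:[^']|'')*')+")
QUOTED = re.compile(r"'((?:[^']|'')*)'")

def split_rc(line):
    """Split a key line into words, removing rc-style quoting."""
    unquote = lambda m: m.group(1).replace("''", "'")
    return [QUOTED.sub(unquote, w) for w in WORD.findall(line)]

def parse_key(line):
    """Return the attributes of one key line; secret (!attr) values are redacted."""
    words = split_rc(line)
    if words and words[0] == "key":
        words = words[1:]
    attrs = {}
    for word in words:
        name, _, value = word.partition("=")
        attrs[name] = "<redacted>" if name.startswith("!") else value
    return attrs

def audit(keys_text):
    """Apply the rule from the message: a proto=p9sk1 key is offered as a
    server domain if it has no role attribute or has role=server."""
    offered, roleless = [], []
    for line in keys_text.splitlines():
        if not line.strip():
            continue
        attrs = parse_key(line)
        if attrs.get("proto") != "p9sk1":
            continue
        role = attrs.get("role")
        if role is None or role == "server":
            offered.append(attrs.get("dom", "?"))
            if role is None:
                roleless.append(attrs.get("dom", "?"))
    return offered, roleless

# Constructed sample key list (domains, users and passwords are made up).
SAMPLE = """\
key proto=p9sk1 dom=cs.example.org user=bootes role=server !password=constructed1
key proto=p9sk1 dom=home.example.net user=alice !password='it''s constructed'
key proto=p9sk1 dom=lab.example.com user=alice role=client !password=constructed3
key proto=pass service=ssh server=host.example.org user=alice !password=constructed4
"""

if __name__ == "__main__":
    offered, roleless = audit(SAMPLE)
    print("domains offered as server:", offered)
    print("role-less keys to review: ", roleless)
```

The role-less `home.example.net` key is the case the message warns about: it was added as a personal key but is offered as a server domain all the same.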