From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
Date: Sat, 19 Feb 2005 17:42:54 -0500
From: Russ Cox
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] Drawterm and security
In-Reply-To: <20050219210924.DUJY730.imf22aec.mail.bellsouth.net@p1.stuart.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <20050219210924.DUJY730.imf22aec.mail.bellsouth.net@p1.stuart.org>
Topicbox-Message-UUID: 4f16e470-eace-11e9-9e20-41e7f4b1d025

> >When you try to connect to sources (for example, you
> >do a replica/pull, or 9fs sources) it connects to the
> >machine and the machine asks you to authenticate to
> >the outside.plan9.bell-labs.com authdom.
>
> I almost literally heard the bell ring this time. So
> when I try to initiate an authentication, it's up to the
> server to tell me what authentication domain he wants to
> use. Then I look up to find an auth= autodom= entry so
> that I know who to talk to in order to authenticate
> in that domain. So if I have an authdom=home entry in my
> local network section, then anyone who wants to connect
> to my server will be told to authenticate using the
> home domain. It's then up to the client to know what
> auth server to use.

All this is true except that the choice of authdom=home
does not come from your local network section. The choice
of authdom comes from factotum, and it offers the client
a list of possible domains. In particular, it offers any
domain on a p9sk1 key that isn't marked with role=client.

Russ
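
The selection rule in the reply above, as an added example that is not part of the original message and is not factotum's own code. It assumes keys are written as `key attr=value ...` lines with `proto`, `dom`, `user` and `role` attributes and a `!` prefix on secrets; the sample keys are constructed.

```python
import re

# Constructed sample keys. The attr=value layout and the attribute names
# (proto, dom, user, role, '!' for secrets) are assumptions about the key
# format; users, passwords and most domains are made up.
SAMPLE_KEYS = """\
key proto=p9sk1 dom=home user=glenda !password=secret1
key proto=p9sk1 dom=outside.plan9.bell-labs.com user=glenda role=client !password=secret2
key proto=p9sk1 dom=lab user=bootes role=server !password=secret3
key proto=p9sk1 dom=home user=other !password=secret4
key proto=pass service=imap server=mail.example.com user=glenda !password=secret5
"""

# A token is a run of non-space characters and/or rc-style quoted strings.
TOKEN = re.compile(r"(?:[^\s']|'(?:[^']|'')*')+")

def unquote(tok):
    """Undo rc-style quoting: 'a b' -> a b, and '' inside quotes -> '."""
    return re.sub(r"'((?:[^']|'')*)'",
                  lambda m: m.group(1).replace("''", "'"), tok)

def parse_key(line):
    """Parse one 'key attr=value ...' line into a dict, or None if not a key."""
    toks = TOKEN.findall(line)
    if not toks or toks[0] != "key":
        return None
    attrs = {}
    for tok in toks[1:]:
        name, _, value = tok.partition("=")
        attrs[name.lstrip("!")] = unquote(value)
    return attrs

def offered_domains(keys_text):
    """Domains offered to a connecting client: p9sk1 keys not role=client."""
    doms = []
    for line in keys_text.splitlines():
        k = parse_key(line)
        if not k or k.get("proto") != "p9sk1" or "dom" not in k:
            continue  # not a p9sk1 key, so it contributes no domain
        if k.get("role") == "client":
            continue  # marked client-only, so its domain is not offered
        if k["dom"] not in doms:
            doms.append(k["dom"])  # keep first-seen order, no duplicates
    return doms

if __name__ == "__main__":
    print(offered_domains(SAMPLE_KEYS))
```

A key left without a `role` attribute still contributes its domain to the offer, so a key meant only for dialing out needs `role=client` to keep its domain off the list.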