From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 3808 invoked from network); 2 Jun 2022 04:58:58 -0000 Received: from 9front.inri.net (168.235.81.73) by inbox.vuxu.org with ESMTPUTF8; 2 Jun 2022 04:58:58 -0000 Received: from mail-vk1-f178.google.com ([209.85.221.178]) by 9front; Thu Jun 2 00:56:04 -0400 2022 Received: by mail-vk1-f178.google.com with SMTP id n20so1728062vkl.9 for <9front@9front.org>; Wed, 01 Jun 2022 21:56:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=9JoNvNT3HCfsg2t+VIX6TOjYcV8s5Goc7b2Qm+Kyysg=; b=Yg1qF2TCBVCoL5KuSpqoMIFEI6s4EYx6fceNT60FdNyFhDr/kcGh2ZOut+Qnlo2+i1 QDlmrLMBzW5DPTjyEh6DyWtWD/DJDQL2XPxoKX5VVUlCxpAvzYZZN4S6sCphWiRfo0LV 4jCwANjFwOeMaQ4P3ttY2GXD1lCDZReqFY+gsBHeUyvLULzvhu6jRiYMWkGUU5rAba4f n1V/H2ikKoXOMkiDHq022/oVa6G4VNCRlQeDPCQhrdErpZd7aoQn09xpcPCsZQ9RaJ6M kXCjkmGbEl4voIprkRunbjNSBByeuRkYQV1sMTPl3CtsAZsrgUXPQBplsGKxJ1yyXmai J86w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=9JoNvNT3HCfsg2t+VIX6TOjYcV8s5Goc7b2Qm+Kyysg=; b=pCzYiblzag3FNAng39y14qxCoT9ROUcVehxUQkmY9Q+SUpAR0ywQwkJpqYehOixdpb IE7epCmWk8vEBQCb7IIkhLjHLfhRnYjB+4C997ISmZT4UGvK0Oohctz0TIYSr0BJtBbx GSDI+hVyfO071YWed/GrQxXwVqVBXalLrqezH/o8mXsukb1kbo//gjftflEzH7Bf/sHW kayafc8qhh5Wzmbxas/6DY2eqf4YMPle1yb3wrrdIs6NmUAOoHE73wQy+AfnX78iqv3e B+JVOFP5ZF2CW2UB2DAMdSpxOy+/yNsEg8Y9+iK3VxZbfN2UP/lKMt5k/KQKCuiYX6/r MeSg== X-Gm-Message-State: AOAM531clg+BTDzuC2O56hxN1sv1CxQfsgZZ5WJpudG+aNsfHnlZFZ3Z 6L/muX3Wa1ztyh71UpCP42Khoc1PaqVRabRh1ymU+2if X-Google-Smtp-Source: ABdhPJy5LJK+gByGs0YR0r6VCCAtjKjwXaYNXfcH+fpIxe38FlH5RFz2cmahfITeFgffCXozzXtiyhanuhi5mwYqEdw= X-Received: by 2002:a1f:1c47:0:b0:357:d477:3354 with SMTP id c68-20020a1f1c47000000b00357d4773354mr1337848vkc.28.1654145760319; Wed, 01 Jun 2022 21:56:00 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6102:227a:0:0:0:0 with HTTP; Wed, 1 Jun 2022 21:55:59 -0700 (PDT) In-Reply-To: References: <1d537d66-b454-46fd-b1e8-e78d7acd88a1@sirjofri.de> From: Mart Zirnask Date: Thu, 2 Jun 2022 07:55:59 +0300 Message-ID: To: 9front@9front.org Content-Type: text/plain; charset="UTF-8" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: hardware self-signing factory-aware layer Subject: Re: [9front] Introduction and regarding guidance Reply-To: 9front@9front.org Precedence: bulk Hi Deepak, If you want a good overview of the system, Nemo's book "Introduction to OS Abstractions using Plan 9" is excellent. An enjoyable read, too: http://doc.cat-v.org/plan_9/9.intro.pdf Mart On 02/06/2022, william@thinktankworkspaces.com wrote: > I use drawterm cloned from git repo via cmd line ./drawterm -a ip -h ip -u > username and only enter password once unless > I have ipso in /lib/profile then I use the password twice. > > > > Quoth sirjofri : >> Hello, >> >> 02.06.2022 03:54:41 Noam Preil : >> > I looked into this a few months ago for much the same reason. >> > >> > First, drawterm has to auth *to* the remote, to start the session. To >> > do >> > so via secstore, it loads the auth key from secstore, discards the >> > secstore file, and uses the key to auth in (then forgetting the key as >> > with any other). >> > >> > Factotum loaded *from the remote end* then gets started, and wants the >> > keys from secstore. So, it logs into secstore as with any other time >> > you run auth/factotum in userspace. >> > >> > In theory, there's a couple solutions: >> > >> > * Accept the status quo. This isn't a great answer, but really there's >> > two things doing authentication, so why *shouldn't* it ask for the >> > password twice? >> >> That's what I currently personally do. Also sometimes you don't need a >> factotum at all. >> >> > * Well, maybe there shouldn't be two things during authentication. If >> > factotum is run *by drawterm*, and that normal factotum is used for >> > initial auth, then there's no need to run factotum after connecting, >> > and >> > the password only gets asked for once. >> >> If you look in default lib/profile that's what is done here: the >> /mnt/term/dev/secstore file is read into /mnt/factotum/ctl to add the >> keys, then the file is cleared. So much for the theory, I never got it >> working. >> >> > * Or, maybe drawterm should hold on to the factotum keys from secstore, >> > seed them to the factotum, and *then* forget them. >> >> In lib/profile this isn't done by drawterm, and I think drawterm should >> be agnostic to the factotum system of the host. >> >> > There's probably a couple options I haven't thought of. The hardest >> > part >> > is to figure out *desired* behavior. Once that's known, the actual code >> > should be relatively straightforward. >> >> What I believe would be a huge step forward: imagine drawterm just has a >> full factotum device like a 9 host. You could just forget about running a >> >> factotum on the host at all, and just bind /mnt/term/mnt/drawterm >> /mnt/drawterm and call it a day. It would be possible, but someone has to >> >> port factotum to drawterm, I can imagine it's not that easy because of >> platform specific code. >> >> Some magician who listens could do that. >> >> My 2 cents, as a drawterm-on-windows user. >> >> sirjofri >> > >