The patch permits the file server to force a domain to be used in the
p9any negotiation. The dom is specified in fss->attr.
If dom is not specified, factotum will work as it currently does.
For example, in a file server's Srv .auth function:
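	...
	/* keyspec handed to factotum; dom= forces the domain used by p9any */
	snprint(aux, 128, "proto=p9any dom=%s role=server", dom);
	srv->keyspec = estrdup9p(aux);
	...
	key = srv->keyspec;
	keylen = strlen(key);
	/* start the factotum conversation with that keyspec */
	if(auth_rpc(af->rpc, "start", key, keylen) != ARok)
		goto fail;
	af->uid = estrdup9p(r->ifcall.uname);
	...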
P9any currently negotiates the proto@dom by sending all the p9sk* keys
(those that can be used as a server) stored in the server's
factotum ring. The client's factotum selects one of them, and then the p9sk1
protocol starts.
That scheme works well with stand-alone file servers. The problem arises when
terminals run file servers that need authentication.
The user's secstore can contain several p9sk* keys, but some of them
can be inappropriate to authenticate the session.
This problem cannot be solved using the 'role' attribute, because different
file systems running in this terminal would need to be authenticated through
different auth servers (and the user would need to use these keys to access
other file servers as client).
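
The effect of dom on the server's offer can be modelled in portable C. This is an added example, not code from the patch or from factotum: it builds the offer as a space-separated proto@dom list, first without and then with a dom in the keyspec. The key ring, the domain names and the helpers attr and offer_for are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a terminal user's key ring; not factotum's own structures. */
static const struct key { const char *proto, *dom, *role; } ring[] = {
	{ "p9sk1", "lab.example",  "" },
	{ "p9sk1", "home.example", "" },
	{ "p9sk1", "corp.example", "client" },	/* usable only as a client */
	{ "apop",  "mail.example", "" },	/* not a p9sk* key */
};

/* Find name=value in a keyspec; returns the value's length, 0 if absent. */
static size_t attr(const char *spec, const char *name, const char **val)
{
	size_t n = strlen(name);
	for (const char *p = spec; *p; p += strcspn(p, " ")) {
		p += strspn(p, " ");
		if (strncmp(p, name, n) == 0 && p[n] == '=') {
			*val = p + n + 1;
			return strcspn(*val, " ");
		}
	}
	return 0;
}

/* Space-separated proto@dom offer for a server keyspec; NULL on overflow. */
const char *offer_for(const char *keyspec)
{
	static char out[256];
	const char *dom = NULL;
	size_t domlen = attr(keyspec, "dom", &dom), used = 0;
	out[0] = '\0';
	for (size_t i = 0; i < sizeof ring / sizeof ring[0]; i++) {
		const struct key *k = &ring[i];
		if (strncmp(k->proto, "p9sk", 4) != 0 || strcmp(k->role, "client") == 0)
			continue;	/* cannot serve p9sk* with this key */
		if (domlen && (strlen(k->dom) != domlen || memcmp(k->dom, dom, domlen) != 0))
			continue;	/* keyspec forces another dom */
		int w = snprintf(out + used, sizeof out - used, "%s%s@%s", used ? " " : "", k->proto, k->dom);
		if (w < 0 || (used += (size_t)w) >= sizeof out)
			return NULL;
	}
	return out;
}

int main(void)
{
	puts(offer_for("proto=p9any role=server"));
	puts(offer_for("proto=p9any dom=home.example role=server"));
}
```

Without dom the client is offered every server-capable domain in the ring; with dom it can only pick the one the file server asked for.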