Phil Kulin said: > I intsalled combined cpu/auth server > I need some explanatories for plan9 security model, because I have > some troubles with undestanding dependences between factotum,secstore > and keyfs. > > First I don't undestand why I must run auth/secstored on my auth > server.
auth/secstored serves secstore. A user have its secstore stored in the auth server. Then a user boots a terminal. The terminal wants to provide the user with a nice secstore, but it doesn't have any. The terminal asks the auth server for the missing secstore by talking to the auth/secstored server running there. > In fact keyfs provide to me interface to keys at nvram, and > secstore provide to me interface to keys at nvram... > Second I don't undestand what means "password" (after "secstore key") > in auth/wrkey dialog. System password? Who is a "system password"? > > Third I think that I must to add all my permanent auth-server users > (users with remote terminals) of my "auth domain" to secstore on > auth-server. But cpu-server users of THIS cpu-server I must add to > factotum too. I must copy some keys from secstore to factotum at boot > time if I want to grant access to both auth and cpu servers. Am I > right? > > Forth why noany ask me to password to access to secstore at boot time? > > Thanks :) > > -- > Phil Kulin > -- -- Alberto Cortés
