> it's a bit awkward doing inferno auth with factotum, as you
> have to manually manipulate the keys generated by the login(6)
> process. it'd be nice if there was some way for a factotum
> protocol to generate a key that stayed in long term storage (i.e. in secstore)
> but currently, i don't think there's a way to do it, other
> than manually.
even a manual process would be cleaner and
likely more secure than the current setup:
; echo export>/mnt/factotum/ctl
; secstore password: *****
editing one's secstore factotum file is something
that's easy to get wrong and easy to do insecurely.
e.g. giving the wrong arguments to ramfs.
- erik
