On Mon, Jul 13, 2009 at 4:45 PM, hiro<23h...@googlemail.com> wrote:
> When I need remote access I nowadays use v9fs+ssh.
> Multi-user auth in kernel like you propose sounds nice and consistent,
> but too complicated. It doesn't fit linux, and thus an additional
> deamon would mean one more place of security relevant code prone to
> bugs.
>
While I agree with that being the state of things today, it doesn't mean
we shouldn't push for better. Maybe the Glendix folks will make things
consistent (and bug free).
>
> From a security (and perhaps simplicity) point of view userspace
> authentication sounds more reasonable to me, p9p together with
> something like fuse (even together with the new userspace hackery) or
> perhaps a single-user v9fs combined with inferno for doing the
> auth/crypt work seems a lot more reasonable to me than additional
> clever hackery from the plan9 side. Not sure if somebody has something
> like this working already...
>
I have a variant using Inferno right now, mounting the file system directly
from the stdin/stdout of the emu. Combined with private namespaces it
provides a seemingly secure mechanism for accessing remote resources
as well as providing local resources to remote cpu services.
-eric
