18.12.2024 04:05:52 hiro <23h...@gmail.com>:
>> for some reason, the wrkey/keyfs/secstored/secstore/factotum dance
>> was something I always struggled with. Some things never change ;-)
>
> maybe we should get rid of secstore then? or how could it be made useful?

IIRC it's quite insecure also. At least, cinap mentioned something like that 
some time ago (check the 9front ml archive, a few months ago, if you want). He 
also said that he basically has another solution that just needs some 
combination with other tools/services. The solution would be based around 
stashfs[1].

Personally, I'd welcome a more secure solution. I'm not a security guy myself, 
but if people warn me that I should not run secstore on a publicly reachable 
service... I mean, it's like putting your keys right in front of the door. Or 
inside a pot in front of the door since nobody knows about secstore, so it's at 
least somewhat hidden.

In general, the handling of secstore is "fine" in my opinion. It's a separate 
service with its own user management and a separate installation routine for 
cpu servers. I think everything is pretty much understandable if you start 
dissecting "the whole" in your mind to understand the individual components. 
The individual commands make sense then (even though you always need to read 
the man pages[2] to manage it since you don't touch that part of the system 
very often).

sirjofri

[1] https://shithub.us/cinap_lenrek/stashfs/HEAD/info.html
[2] I find myself being lazy and reading the fqa instead. Sometimes the man 
pages list all the parts, but don't show how it's done. Like, there's no 
"Getting Started" or "Quick Start Guide", and Plan 9's not IKEA.

------------------------------------------
9fans: 9fans
Permalink: 
https://9fans.topicbox.com/groups/9fans/T2e892f330bc0513b-M168e79b077a072dbe954da15