Thank you for dedicating a little of your time to review cifs :-)
I will be alert to updates to test again trying to connect via cifs to
various scenarios: Win10, Zentyal Linux (domain) and a small machine
with MX Linux 21 installed only for tests with Plan9 and cifs with a
share as 'guest'.
El d
i am the author of cifs.
i may have some slightly more recent fixes than 9 front has, i will check.
the manual page does explain some registry settings you may need to tweak to
get it to work - to do with windows getting more and more restrictive about the
authentication protocols it supports.
Thank you very much for the information.
You are absolutely right: the documentation offered in /sys/doc offers
a lot of useful information to understand how Plan9 works.
One of the first documents I read was the "Plan 9 From Bell Labs" and
just after almost the entire "book" DASH 1 from 9front.o
fatotum is quite easy, since it's a client as a filesystem.
The "real" server you can set up (but it's optional) is the secstore
server which persistently holds your keys.
factotum just uses these keys (or the ones you entered manually or read
in through a custom mechanism, e.g. a file) to ha
> The following is all hypothetical. I'm curious about how people
> think auth(2)/factotum(4) could be adapted to support the use
> case ...
>
> factotum was intended to handle the authentication dance on behalf
> of network apps. But in the case of things like IMAP, it really
> just stores the c
i'd like to see the auth server do more of the work.
--
9fans: 9fans
Permalink:
https://9fans.topicbox.com/groups/9fans/T8154f8e7b95f1a8c-M269a6e45351ce1fc554237ae
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
And work under p9p. Me too! Plug in a proper X-based WM and I can get
some performance out of my rather dated equipment again.
Lucio.
On 1/24/20, Lyndon Nerenberg wrote:
> The following is all hypothetical. I'm curious about how people
> think auth(2)/factotum(4) could be adapted to support the
The following is all hypothetical. I'm curious about how people
think auth(2)/factotum(4) could be adapted to support the use
case ...
factotum was intended to handle the authentication dance on behalf
of network apps. But in the case of things like IMAP, it really
just stores the client's login/
Good afternoon,
On Sat, Nov 29, 2014 at 08:46:08PM +0100, Enrico Weigelt, metux IT consult
wrote:
> A really cool feature, IMHO, would be able to connect my local factotum
> to remote ones easily, so I'll get a similar feature like eg. lastpass
> is doing for the web. For example, somebody like
On 02.12.2014 16:40, plann...@sigint.cs.purdue.edu wrote:
> To be fair, he's not talking about using Plan 9, just leveraging something
> factotum-like under Linux.
Exactly.
I wanna get rid of dbus and polkit, replace it by something 9P-based.
Before hacking up something on my own, I'm just loo
On 02.12.2014 10:50, Richard Miller wrote:
> For this sort of functionality the computer needs to be running as
> a plan 9 cpu server, not a terminal in which by definition hostowner
> controls everything.
>
> Somewhere in /contrib there is a patch which makes a few changes to
> the cpu kernel to
9love is tough love.
On Tue, Dec 2, 2014 at 7:40 AM, wrote:
> On Mon, Dec 01, 2014 at 08:08:04PM -0800, erik quanstrom wrote:
> > On Sat, 29 Nov 2014 20:46:08 +0100, Enrico Weigelt, metux IT consult
> wrote:
> >> So, how would a Plan9 solution for these usecases look like ?
> >>
> >> In fact, I
if i understand correctly, the basic issues you're trying to solve (beyond
authentication), are "delegation" and "authorization". because you're
targeting non-plan9 environments, my comments will be focused on those
environments.
any decent IT with heterogeneous OS environments will have a Kerbero
On 12/02/2014 10:40 AM, plann...@sigint.cs.purdue.edu wrote:
On Mon, Dec 01, 2014 at 08:08:04PM -0800, erik quanstrom wrote:
On Sat, 29 Nov 2014 20:46:08 +0100, Enrico Weigelt, metux IT consult wrote:
So, how would a Plan9 solution for these usecases look like ?
In fact, I intend to rewrite n
On Mon, Dec 01, 2014 at 08:08:04PM -0800, erik quanstrom wrote:
> On Sat, 29 Nov 2014 20:46:08 +0100, Enrico Weigelt, metux IT consult wrote:
>> So, how would a Plan9 solution for these usecases look like ?
>>
>> In fact, I intend to rewrite network-manager to some 9p-based solution,
>> so I'd lik
> To mimic the usual Unix behaviour, I would need some getty/login-alike
> program, which asks for login credentials and then starts up things
> like shell or gui (some window-manager-/DE-alike program) as the
> corresponding, which then is _not_ the hostowner.
For this sort of functionality the c
> > But, IMHO, this is precisely the difference between Unix and Plan9.
> >
> > In Unix, the console or X11 are dumb terminals. There are only
> > no-computing-capabilities devices to interact; they are no terminals as
> > in Plan9.
>
> Okay, than that's perhaps what I'm missing yet.
>
> To mimi
On 01.12.2014 11:38, tlaro...@polynum.com wrote:
Hi,
> But, IMHO, this is precisely the difference between Unix and Plan9.
>
> In Unix, the console or X11 are dumb terminals. There are only
> no-computing-capabilities devices to interact; they are no terminals as
> in Plan9.
Okay, than that's p
> The guy in front of the console should authenticate as a normal user
But you do authenticate to Plan 9 as a normal user. On one node you're
the hostowner, but to the *system* you authenticate as a normal user.
One guy on here lately was actually attaching to his fileserver as
none.
A "system" is
> But, IMHO, this is precisely the difference between Unix and Plan9.
The important difference is that in Unix the "terminal", specially
graphics terminals like X servers, have to be trusted to be in good
hands - which cannot be enforced. When you look at NFS, for example,
a trusted network node
On Mon, Dec 01, 2014 at 09:00:46AM +0200, lu...@proxima.alt.za wrote:
> > The guy in front of the console should authenticate as a normal user
> > and then only be allowed to access his own environment (no direct
> > control over hw, etc).
>
> The guy is not in front of the "console", he has physi
> The guy in front of the console should authenticate as a normal user
> and then only be allowed to access his own environment (no direct
> control over hw, etc).
The guy is not in front of the "console", he has physical and
therefore unrestricted access to all the resources in the terminal. A
C
On 29.11.2014 22:23, erik quanstrom wrote:
>> In my scenario, I'm (more precisely: the account I'm using) not the
>> hostowner, just a plain user - in Unix terms: non-root). But that
>> account has the special privileges of controlling the network
>> connections. Other accounts may only choose from
> In my scenario, I'm (more precisely: the account I'm using) not the
> hostowner, just a plain user - in Unix terms: non-root). But that
> account has the special privileges of controlling the network
> connections. Other accounts may only choose from a predefined list
> of connections.
if you've
On 29.11.2014 20:46, erik quanstrom wrote:
Hi,
>> So, how would a Plan9 solution for these usecases look like ?
>
> plan 9 doesn't pretend that the hostowner doesn't fully control the box,
> so it doesn't attempt to prevent the hostowner from e.g. turning wireless
> on and off.
In my scenario,
> So, how would a Plan9 solution for these usecases look like ?
plan 9 doesn't pretend that the hostowner doesn't fully control the box,
so it doesn't attempt to prevent the hostowner from e.g. turning wireless
on and off.
- erik
On 18.11.2014 09:22, Skip Tavakkolian wrote:
thanks folks ... seems I need to think through all of this more deeply.
If I'm not completely mistaken, factotum can also handle various
authentication protocols, and may be the only one who really knows
the actual secrets.
One scenario I'm thinking
to do a comparative analysis of the functions it makes sense to know one
side very well. i found it easier to understand factotum and compare the
others to factotum. to me SASL is more like the functions of factotum's rpc
and proto files. Window's Local Security Authority (LSA) combined with
Secur
> do you have a reference for this claim?
The claim that Russ first produced a utility called agent, or that the
server logic resides in servers? I may have summarised the protocol
poorly, but factotum is an intermediary, neither client seeking
authentication, nor server validating credentials.
> Factotum (Russ may correct me) is modelled on SSH's agent. The SASL
> type functionality resides in the servers that use factotum, so I'd
> say the differences are quite significant.
>
> There is a paper on Plan 9 security that makes very interesting
> reading.
do you have a reference for this
> Could anybody with deeper insight perhaps give some detailed
> comparison between them ?
Factotum (Russ may correct me) is modelled on SSH's agent. The SASL
type functionality resides in the servers that use factotum, so I'd
say the differences are quite significant.
There is a paper on Plan 9
> I've got the impression that there're some similarities between SASL
> (saslauthd) and Factotum - at least at the point that both are
> offloading actual authentication handshakes to a separate service.
> But I have to admit that I didn't have done a deeper analysis of
> these two.
>
> Could any
Hi folks,
I've got the impression that there're some similarities between SASL
(saslauthd) and Factotum - at least at the point that both are
offloading actual authentication handshakes to a separate service.
But I have to admit that I didn't have done a deeper analysis of
these two.
Could anybod
Hi,
Has anyone tried to make Factotum use Identity based encryption? See
http://crypto.stanford.edu/pbc/. The idea would be to make it a private key
generator. Then everything on the network could use a URI to encrypt stuff.
PKI would still be needed to secure identity of the PKG but it stil
On Apr 8, 2013 5:19 PM, "Bence Fábián" wrote:
>
> Include a link if you're reffering something.
> It helps a lot.
>
> http://swtch.com/~rsc/talks/nauth.pdf
>
>
> 2013/4/8 Stuart Morrow
>>
>> Tip: Any time someone says read auth.ps, take it to mean read
>> nauth.pdf; auth.ps; nauth.pdf, where naut
Thanks for the hints and the link to Russ' post. I think I'll play
around with some of this :)
> A little bit off-topic: I'm rather new to plan9(port) stuff, how does
> your factotum setup with linux look like / what is it used for?
I boot in init 3. Just after login, my profile script execute
factotum, ask for the password, feed it from a local secstore,
then launch rio or wmii.
Factotum
2011-11-23 09:33:04 David du Colombier <0in...@gmail.com>
> I am using Factotum on both Plan 9 and Linux for years.
A little bit off-topic: I'm rather new to plan9(port) stuff, how does
your factotum setup with linux look like / what is it used for?
Ruben
I am using Factotum on both Plan 9 and Linux for years.
The lack of a proper integration in modern browsers always
bothered me.
I recall it was discussed here in the past, but nothing
was done to my knowledge.
So far, I used a tool to display the required login and password
from Factotum, and c
I don't know if any exist out there, but I've been thinking of trying
to hack something together recently. I've gone as far as compiling
Chromium from source. (A major step on its own!)
This came to me after rediscovering WebID (previously known as
foaf+ssl) which uses client-side certificates. Fac
> makes it sound like the -a option takes precedence
> over cs and ndb. But the code for _autdial() in
> util.c looks for cs first and if it's there, the
> -a option is ignored. (In p9p, -a seems to be ignored
> altogether.)
>
> Which way should it be? I'd prefer if -a took precedence,
> but if
There appears to be a disagreement between the
factotum man page and its actual behavior regarding
the -a option. In the man page, the wording:
-a supplies the address of the authentication server to
use. Without this option, it will attempt to find an
authentication server by queryi
On Tue, Mar 10, 2009 at 5:30 PM, Skip Tavakkolian <9...@9netics.com> wrote:
> /sys/doc/auth.ps is much more interesting.
Sure, I was reading plan 9 papers in general today... that's likely a good
read :-)
>
>
> my analogy is that YOU are factotum and your assistant is the program
> that you (fa
/sys/doc/auth.ps is much more interesting.
my analogy is that YOU are factotum and your assistant is the program
that you (factotum) will authenticate to the remote system to act on
your behalf.
> Factotum is some guy in the room that, even though you have the phone, you
> keep asking what to say
On Tue, Mar 10, 2009 at 4:01 PM, David Leimbach wrote:
> Factotum is some guy in the room that, even though you have the phone, you
> keep asking what to say next on the line to get authentication to happen.
> Is this a bad analogy?
The analogy is exactly right.
Took me a while to parse it
but I
Factotum is some guy in the room that, even though you have the phone, you
keep asking what to say next on the line to get authentication to happen.
Is this a bad analogy?
Factotum is available on the client side during authentication via a library
we can use to talk to it. When we get an "afd" w
>>
>> i'd like to see a way of asking factotum "please save your keys to
>> secstore",
>> although there's some difficulty getting it right, as there are
>> potentially many factotums
>> to one secstore, or even worse, several secstores.
>>
>
> Plumbing? May not help with multiple secstores
On Tue, May 6, 2008 at 4:51 AM, roger peppe <[EMAIL PROTECTED]> wrote:
>
> i'd like to see a way of asking factotum "please save your keys to secstore",
> although there's some difficulty getting it right, as there are
> potentially many factotums
> to one secstore, or even worse, several secst
On Sun, May 4, 2008 at 2:57 AM, erik quanstrom <[EMAIL PROTECTED]> wrote:
> it is not factotum's job to provide persistant storage. that would
> infringe upon secstore's franchise.
that said, i sometimes wish the interface between factotum and secstore
was a bit more slick, particularly when de
no latin? ok. find the monkees episode where the word is used.
it was shown on cable when presto was going in deep. he has support
from re-runs.
brucee
On Sun, May 4, 2008 at 11:57 AM, erik quanstrom <[EMAIL PROTECTED]> wrote:
> >>
> > I just wish it didn't have a bleak memory. Is there a way to
>>
> I just wish it didn't have a bleak memory. Is there a way to force it
> to remember passwords for ftpfs?
it is not factotum's job to provide persistant storage. that would
infringe upon secstore's franchise.
- erik
On May 3, 2008, at 9:37 PM, Russ Cox wrote:
Fac*to"tum (făk*tō"tŭm), n.; pl. Factotums (- tŭmz). [L., do
everything; facere to do + totus all : cf. F. factotum. See /Fact/,
and /Total/.] A person employed to do all kinds of work or
business.
B. Jonson.
And that d
>>Fac*to"tum (făk*tō"tŭm), n.; pl. Factotums (- tŭmz). [L., do
>> everything; facere to do + totus all : cf. F. factotum. See /Fact/,
>> and /Total/.] A person employed to do all kinds of work or business.
>> B. Jonson.
> And that definition relates to the factotum system ho
On May 3, 2008, at 6:54 PM, erik quanstrom wrote:
factotum comes from the Charles Bukowski's book?
i thought the reference was older
minooka; dict
*/factotum/
1 Fac*to"tum
*1
Fac*to"tum (făk*tō"tŭm), n.; pl. Factotums (- tŭmz). [L., do
e
> factotum comes from the Charles Bukowski's book?
i thought the reference was older
minooka; dict
*/factotum/
1 Fac*to"tum
*1
Fac*to"tum (făk*tō"tŭm), n.; pl. Factotums (- tŭmz). [L., do
everything; facere to do + totus all : cf. F. factot
factotum comes from the Charles Bukowski's book?
56 matches
Mail list logo
