well, that's where secstore comes in for some of us. one of my lib/profile
contains
this ancient section
auth/factotum
fn secstore{
{auth/secstore -G factotum -s $1 | read -m >/mnt/factotum/ctl} &&
fn secstore {}
}
for(a in $SECSTORE1 $SECSTORE2){
secstore $a
}
secstore (and secstored) is the conventional answer there. It typically runs on your auth server, and factotum will connect to it when it starts, to load your keys. Things are encrypted on disk, and you only need the secstore password.The ‘feedkeys’ script demonstrates how to do it manually, after
I still haven't managed to understand how to get my keys into factotum without
having to manually push them each time. I have a script that runs the echo 'key
proto', etc to /mnt/factotum/ctl for all of my passwords, but it's in an
unencrypted text file. The instructions don't make sense to me o
I did a go implementation of secstore, for reasons, based on the Inferno
one, and the protocol isn't ideal at several points
(which I'd have to look up again), for error handling as I recall. it uses
AES in a CBC mode, over an RC4 SSL
(just for the records, not for anything really SSL). The Go
secf
I like secstore, but the chicken-or-egg question is real. It's
from the world where you have a dedicated auth server, and that
doesn't always track with a laptop needing a key to get to the
network. I do store my wpa key outside secstore for this reason,
and then use it for everything else. Still,
Lyndon Nerenberg (VE7TFX/VE6BBM) writes:
> Not replace.
Sorry, I meant to say 'not remove'.
--
9fans: 9fans
Permalink:
https://9fans.topicbox.com/groups/9fans/T2e892f330bc0513b-Ma0552d37a1adaae36de251d7
Delivery options: https://9fans.topicbox.com/groups/
hiro writes:
> maybe we should get rid of secstore then? or how could it be made useful?
Not replace. Sectore is useful for more than just factotum.
But the sectore interface is very clunky, and I think that's
what turns people away from it. While I keep confidential
files other than factotum
I spent years working with chromebooks and once I did a coordinate
transformation from that security model to what Plan 9 does, things
made a lot more sense :-)
That said, I think, if anyone has time, it's worth taking a look at
what chromebooks did for security. It might have some use in the
futu
I use it (in my 9front Pi cluster). Works for me.
It could probably use some improvement in terms of tools for managing
the stored keys, plus I never figured out how to avoid needing to enter
my secstore password twice instead of just once every time I log in, but
it's not exactly broken.
18.12.2024 04:05:52 hiro <23h...@gmail.com>:
>> for some reason, they wrkey/keyfs/secstored/secstore/factotum dance
>> was something I always struggled with. Some things never change ;-)
>
> maybe we should get rid of secstore then? or how could it be made useful?
Iirc it's quite insecure also. At
> for some reason, they wrkey/keyfs/secstored/secstore/factotum dance
> was something I always struggled with. Some things never change ;-)
maybe we should get rid of secstore then? or how could it be made useful?
--
9fans: 9fans
Permalink:
https://9fans.t
for some reason, they wrkey/keyfs/secstored/secstore/factotum dance
was something I always struggled with. Some things never change ;-)
I also just realized: it seems there is no route to 127.0.0.1 -- is
this intentional?
On Tue, Dec 17, 2024 at 4:01 PM Ron Minnich wrote:
>
> Thanks, I had deci
Thanks, I had decided to go the lazy route as you mentioned and fill
factotum directly.
On Tue, Dec 17, 2024 at 2:43 PM sirjofri wrote:
>
> Hi,
>
> In the original thread message, rminnich is asking for wpa2 passwords, so I
> assume you need ot for connecting your laptop to a network - which
Hi,
In the original thread message, rminnich is asking for wpa2 passwords, so I
assume you need ot for connecting your laptop to a network - which is an
important point in this thread, if you need the wpa2 keys to be able to network
in the first place.
Running auth/factotum is generally the of
> I don't actually know where to look for useful docs.
cpu% lookman secstore
man 1 secstore # secstore(1)
man 1 ssh2 # ssh2(1)
man 2 aes # aes(2)
man 2 authsrv # authsrv(2)
man 4 cwfs # cwfs(4)
man 4 factotum # factotum(4)
man 4 ssh # ssh(4)
man 8 drawterm # drawterm(8)
man 8 plan9.ini # plan9.in
Quoth rminn...@p9f.org:
> It's been a few years since I did this ...
>
> I'm trying to remember how to set up secstore as I'd like to save, e.g.,
> WPA2 passwords, iCloud application specific password, all that good stuff. I
> don't actually know where to look for useful docs.
>
> I see the n
It's been a few years since I did this ...
I'm trying to remember how to set up secstore as I'd like to save, e.g., WPA2
passwords, iCloud application specific password, all that good stuff. I don't
actually know where to look for useful docs.
I see the nice ipso tool from 9front, and have me
17 matches
Mail list logo
