security model

I intsalled  combined cpu/auth server
I need some explanatories for plan9 security model, because I have
some troubles with undestanding dependences between factotum,secstore
and keyfs.

First I don't undestand why I must run auth/secstored on my auth
server. In fact keyfs provide to me interface to keys at nvram, and
secstore provide to me interface to keys at nvram...

Second I don't undestand what means "password" (after "secstore key")
in auth/wrkey dialog. System password? Who is a "system password"?

Third I think that I must to add all my permanent auth-server users
(users with remote terminals) of my "auth domain" to secstore on
auth-server. But cpu-server users of THIS cpu-server I must add to
factotum too. I must copy some keys from secstore to factotum at boot
time if I want to grant access to both auth and cpu servers. Am I
right?

Forth why noany ask me to password to access to secstore at boot time?

Thanks :)

--

-- 
Phil Kulin

Re: security model

i'll take a stab at this.

On Thu Feb  1 08:34:58 EST 2007, schors <at> gmail.com wrote:
> I intsalled  combined cpu/auth server
> I need some explanatories for plan9 security model, because I have
> some troubles with undestanding dependences between factotum,secstore
> and keyfs.
> 
> First I don't undestand why I must run auth/secstored on my auth
> server. 

it is not required.  secstore provides secure storage for users. also you
don't need to run secstore on the auth server, but for most people
that's where it makes sense.

> In fact keyfs provide to me interface to keys at nvram, and

keyfs provides an interface to /adm/keys*.  nvram is something different.
on a cpu server, nvram stores the hostowner, and the hostowner's password
(secret) and a few other things so the machine can boot without operator
intervention.  

> secstore provide to me interface to keys at nvram...

no.  secstore is secure storage for users.  however, factotum will consult
secstore for you and try to load keys from the secstore file called
"factotum".  you can store anything you'd like in secstore.

> 
> Second I don't undestand what means "password" (after "secstore key")

Re: security model

second try... 

i'll take a stab at this.

On Thu Feb  1 08:34:58 EST 2007, schors <at> gmail.com wrote:
> I intsalled  combined cpu/auth server
> I need some explanatories for plan9 security model, because I have
> some troubles with undestanding dependences between factotum,secstore
> and keyfs.
> 
> First I don't undestand why I must run auth/secstored on my auth
> server. 

it is not required.  secstore provides secure storage for users. also you
don't need to run secstore on the auth server, but for most people
that's where it makes sense.

> In fact keyfs provide to me interface to keys at nvram, and

keyfs provides an interface to /adm/keys*.  nvram is something different.
on a cpu server, nvram stores the hostowner, and the hostowner's password
(secret) and a few other things so the machine can boot without operator
intervention.  

> secstore provide to me interface to keys at nvram...

no.  secstore is secure storage for users.  however, factotum will consult
secstore for you and try to load keys from the secstore file called
"factotum".  you can store anything you'd like in secstore.

Re: security model

> I intsalled  combined cpu/auth server
> I need some explanatories for plan9 security model, because I have
> some troubles with undestanding dependences between factotum,secstore
> and keyfs.
> 
> First I don't undestand why I must run auth/secstored on my auth
> server. In fact keyfs provide to me interface to keys at nvram, and
> secstore provide to me interface to keys at nvram...

there isn't any need to run secstored.  they do quite different things,
though.

secstored securely stores files on behalf of users, in particular a
file "factotum" that holds keys that user wants loaded into the user's
factotum on login.  of course one of those users could be a system
user (eg, "bootes").

you need auth/keyfs though, to hold the per-user shared secrets used
to authenticate them to a plan 9 domain.  it manages /adm/keys.

> Second I don't undestand what means "password" (after "secstore key")
> in auth/wrkey dialog. System password? Who is a "system password"?

it's the shared secret that allows one plan 9 server to authenticate itself to another.
it also encrypts the keys file.  the secstore key is a separate key used by secstored.

> Third I think that I must to add all my permanent auth-server users
> (users with remote terminals) of my "auth domain" to secstore on
> auth-server.

Re: security model

Phil Kulin said:

> I intsalled  combined cpu/auth server
> I need some explanatories for plan9 security model, because I have
> some troubles with undestanding dependences between factotum,secstore
> and keyfs.
> 
> First I don't undestand why I must run auth/secstored on my auth
> server.

auth/secstored serves secstore.

A user have its secstore stored in the auth server.

Then a user boots a terminal.

The terminal wants to provide the user with a nice secstore, but
it doesn't have any. The terminal asks the auth server for the
missing secstore by talking to the auth/secstored server running
there.

> In fact keyfs provide to me interface to keys at nvram, and
> secstore provide to me interface to keys at nvram...

> Second I don't undestand what means "password" (after "secstore key")
> in auth/wrkey dialog. System password? Who is a "system password"?
> 
> Third I think that I must to add all my permanent auth-server users
> (users with remote terminals) of my "auth domain" to secstore on
> auth-server. But cpu-server users of THIS cpu-server I must add to

Re: security model

2007/2/1, erik quanstrom <quanstro <at> coraid.com>:

Many regards for you answers. I review manuals more closely with
referenses on this thread and understanding source of my problems.

I created keys, nvram keys, reboot and use auth/changeuser bootes and
reboot again. So, after reboot, I start vncs. But, my vnc client
failes to authorise on plan9 server. I tried again and again. I used
different variants and google searching. I tried to compare with the
documentation to the situation. I was confused with this behaviour.

All has appeared simply. When I have read through precise answers, I
have methodically looked all dependent files. /adm/keys* have
permissions owned by user admin (installation process?). I removes and
recreates that files as I find at file-server instruction.

All works right now.  And I at last have understood as it works.

> > Second I don't undestand what means "password" (after "secstore key")
> > in auth/wrkey dialog. System password? Who is a "system password"?
> secstore requires a password before it will allow access.  in this case factotum
> is trying to to retrive the file "factotum" on your behalf.

All equally has not understood. Whether it is possible to describe
more in detail these two passwords (secstore key and password) and
their value? Who for whom and when follows in the subsequent
situations.

--

-- 
Да будет осиян звездой момент нашей переписки!

Re: security model

On Thu Feb  1 13:39:00 EST 2007, schors <at> gmail.com wrote:
> 2007/2/1, erik quanstrom <quanstro <at> coraid.com>:
> All has appeared simply. When I have read through precise answers, I
> have methodically looked all dependent files. /adm/keys* have
> permissions owned by user admin (installation process?). I removes and
> recreates that files as I find at file-server instruction.

these files need to be owned by the hostowner of the auth server.

> 
> All works right now.  And I at last have understood as it works.
> 

great.

> All equally has not understood. Whether it is possible to describe
> more in detail these two passwords (secstore key and password) and
> their value? Who for whom and when follows in the subsequent
> situations.

this confuses me a bit, too.  the key is the user name and the key
is the password.  the reason for this is secstore is written in very general 
terms.  in practice, the keys are generally user names.

- erik

> 
> -- 
> Да будет осиян звездой момент нашей переписки!
> Phil Kulin

pl2303 (hx-type)

Hi,

I'am trying to initialize a usb<->serial adapter called pl2303,
type HX, with a program derived from Christoph Lohmann's usbuart (with
setupreq added from cmd/usb/lib/setup.c). At the beginning, a sequence
of commands is sent over ep0, some proprietary ones and things like
the baudrate value.

Though, the device does not behave as expected, but seems to persist in
some kind of "read-only" state, i.e. it probably does not accept the
line settings (which contains the baudrate).

In contrast, with a user-space program on Linux (based on libusb),
containing the same initialization instructions, i'm able to set up
that adapter.

[The initialization in detail (ep0 messages,
 written to /dev/usb1/1/setup:

    Set configuration and interface (perhaps superfluous, as usbd
    already does it?):
out[8] 00 09 01 00 00 00 00 00
out[8] 01 0b 00 00 00 00 00 00

    Proprietary sequence:
out[8] c0 01 84 84 00 00 01 00	in[1] 02
out[8] 40 01 04 04 00 00 00 00
out[8] c0 01 84 84 00 00 01 00	in[1] 02
out[8] c0 01 83 83 00 00 01 00	in[1] 00
out[8] c0 01 84 84 00 00 01 00	in[1] 02

Re: security model

erik quanstrom <quanstro <at> coraid.com> writes:

> i'll take a stab at this.
>
> On Thu Feb  1 08:34:58 EST 2007, schors <at> gmail.com wrote:
...
>> First I don't undestand why I must run auth/secstored on my auth
>> server. 
>
> it is not required.  secstore provides secure storage for users. also you
> don't need to run secstore on the auth server, but for most people
> that's where it makes sense.
...

drawterm (on linux, at least) always tries to contact secstore on the
authserver during startup.  So it may not be *required* to run
secstore there, but I guess doing otherwise is not feasible.

Regards,

    Jorge-León

Re: security model

it times out, reasonably quickly on the systems i've used.
it then falls back to talking directly to an auth server.

From: Georg Lehner <jorge-plan9 <at> magma.com.ni>
Subject: Re: [9fans] security model
Date: 2007-02-01 22:35:42 GMT

erik quanstrom <quanstro <at> coraid.com> writes:

> i'll take a stab at this.
>
> On Thu Feb  1 08:34:58 EST 2007, schors <at> gmail.com wrote:
...
>> First I don't undestand why I must run auth/secstored on my auth
>> server. 
>
> it is not required.  secstore provides secure storage for users. also you
> don't need to run secstore on the auth server, but for most people
> that's where it makes sense.
...

drawterm (on linux, at least) always tries to contact secstore on the
authserver during startup.  So it may not be *required* to run
secstore there, but I guess doing otherwise is not feasible.

Regards,