Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[9fans] terminal level authentication

1 view
Skip to first unread message

Fernan...@astec-power.com

unread,
Mar 28, 2005, 5:02:55 AM3/28/05
to


I recently put together a small plan 9 network.

I noticed that just about anyone can access the terminal,
because it does not ask for authentication when I log in.
It will only ask for my password when access the cpu server
or import from the servers.

I am not sure if it was a mistake on my part that I might
have overlooked a step. If so can you pls tell me which steps?

Assuming I did not make a mistake during the installation.
If a user decided to make use of the terminals disks
to store data, what protects these data from other users? Ofcourse
this would be irrelevant if the terminals where made of diskless
machines which relies on the fileserver to provide the disk space.

As I understand it, Just installing the distro form the bell labs site.
The reulting machine is a standalone terminal.

If I decide to follow the configuring the cpu server in the wiki,
this will give me a cpu server.

,Fernan

Heiko Dudzus

unread,
Mar 28, 2005, 10:21:24 AM3/28/05
to
Hi Fernan,

> I recently put together a small plan 9 network.
>
> I noticed that just about anyone can access the terminal,
> because it does not ask for authentication when I log in.
> It will only ask for my password when access the cpu server
> or import from the servers.
>
> I am not sure if it was a mistake on my part that I might
> have overlooked a step. If so can you pls tell me which steps?

This is right. The resources on a standalone terminal aren't
protected from the user (=hostowner) by password (or any other
method of authentication)

(We had a discussion about this regarding notebooks some weeks before
on the 9fans list.)

Terminals are meant to boot from a fileserver and to not have the
operating system installed on local disks. You need to authenticate
with password (perhaps via sectore key) when you boot a terminal from
fileserver.

If you do have a local installed Plan 9 system (e.g. on notebooks)
you perhaps will only want to use that for temporary use in situations
when you are unconnected to any Plan 9 authdom you have an account
for.

This all is intended by design. These ideas are described in
http://plan9.bell-labs.com/sys/doc/9.ps and
http://plan9.bell-labs.com/sys/doc/auth.ps describes the
authentication and security infrastructures.

> Assuming I did not make a mistake during the installation.
> If a user decided to make use of the terminals disks
> to store data, what protects these data from other users? Ofcourse
> this would be irrelevant if the terminals where made of diskless
> machines which relies on the fileserver to provide the disk space.
>
> As I understand it, Just installing the distro form the bell labs site.
> The reulting machine is a standalone terminal.

yes.

> If I decide to follow the configuring the cpu server in the wiki,
> this will give me a cpu server.

yes.

Heiko

0 new messages