Re: [9fans] Multi-Domain-Authentication

5 views
Skip to first unread message

YAMANASHI Takeshi

unread,
Jun 7, 2005, 9:39:22 PM6/7/05
to
> Here it is: http://www.r-36.net/multidomauth.tgz [0].

We've got another proposal on multi domain auth from tip9ug.
Our model is to modify factotum so that it assigns "user@dom"
as the uid on the server, if the server side key used to
authenticate the cpu session has "grid" attribute in them.

You only need to add your sources key to your server side
factotum to accept sources users login to your server.

The modified /sys/src/cmd/auth/factotum/p9sk1.c and
compiled factotum binary are at:
http://www.tip9ug.jp/who/nashi/9grid/8.factotum
http://www.tip9ug.jp/who/nashi/9grid/p9sk1.c

You might want to recompile the kernel with this new factotum.

Anyone got other proposals? I would like to hear and discuss
about MDA issues very much. :)
--


ari...@ar.aichi-u.ac.jp

unread,
Jun 8, 2005, 9:51:42 AM6/8/05
to
>Anyone got other proposals? I would like to hear and discuss
>about MDA issues very much. :)

one of other possible solutions is to simply prohibit host owners privilege
from the authdom that is not for the host.
that is, a requester using factotum:
key proto=p9sk1 dom=outside.plan9.bell-labs.com user=arisawa !password=XXXX
becomes ari...@outside.plan9.bell-labs.com even if I don't write "grid" attribute
in my factotum.

Giving host owners privilege to the person out of your control makes things confusing.

Kenji Arisawa

Reply all
Reply to author
Forward
0 new messages