[9fans] p9cr support in p9p's factotum? - Plan9

This is a discussion on [9fans] p9cr support in p9p's factotum? - Plan9 ; Hello, As part of a PAM module implementation in Linux I need to authenticate against p9p's factotum. The code basically does an "auth_userpasswd(user, passwd)" to achieve this. Apparently I get a response from the factotum saying that it does not ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [9fans] p9cr support in p9p's factotum?

  1. [9fans] p9cr support in p9p's factotum?

    Hello,

    As part of a PAM module implementation in Linux I need to authenticate
    against p9p's factotum. The code basically does an
    "auth_userpasswd(user, passwd)" to achieve this. Apparently I get a
    response from the factotum saying that it does not understand p9cr.

    I noticed that in p9p's 'libauth' sources the auth_userpasswd
    internally calls auth_challenge("user=%q proto=p9cr role=server",
    user). When I grepped the sources I could not find p9cr implemented in
    src/cmd/auth/factotum. Although I could notice a file "p9cr.c" which
    seems to be a partial port as the code is not the same as that of its
    Plan9 counterpart but looks more like the other p9p's code ( p9sk1.c
    etc. ).

    I was wondering if p9cr is supported in p9p's factotum. If yes then am
    I missing something here? If not then is it on somebody's plate to
    complete it? I am willing to complete it but I am a newbie in the
    p9p's factotum's code and would appreciate any guidance/help from
    someone who is aware of this stuff to help me get it done.

    I would also like to know if there is any workaround for this like
    using another protocol may be?

    Any information would be very much useful.

    Thanks and regards,
    Ashwin Ganti

    "Impossibility is a relative concept"
    www.cs.uic.edu/~aganti

  2. Re: [9fans] p9cr support in p9p's factotum?

    > As part of a PAM module implementation in Linux I need to authenticate
    > against p9p's factotum. The code basically does an
    > "auth_userpasswd(user, passwd)" to achieve this. Apparently I get a
    > response from the factotum saying that it does not understand p9cr.


    P9cr doesn't establish a shared key between
    the two sides, nor does it allow the client to
    authenticate the server. Much better would
    be for the client to have a factotum that can
    be given the password and run p9sk1 on the
    client's behalf.

    > I was wondering if p9cr is supported in p9p's factotum.


    Not really, no. I made it work just now, but it's
    not really something you want to be using all
    the time.

    The same is true of auth_userpasswd.

    Russ


  3. Re: [9fans] p9cr support in p9p's factotum?

    and the name of crn is resolvable
    >
    > cpu% ndb/query ether `{cat /net/ether0/addr} sys
    > crn


    make sure that ndb/dnsquery can also resolve crn.mteege.de.

    > ...
    > \l!(.*) alias \1
    > \lmteege\.de!(.*) alias \1

    ???
    > \l\.mteege\.de!(.*) alias \1


    what i have for a similar setup is

    # append the local domain to addresses without a domain
    local!(.*) >> /mail/box/\1/mbox
    mteege\.de!(.*) alias \1

    # local names
    \l!(.*) alias \1
    \l\.mteege.de!(.*) alias \1

    - erik

+ Reply to Thread