Discussion:
[9fans] Factotum per user instances?
Rogelio Serrano
2013-04-07 03:28:11 UTC
I'm trying to understand how factotum runs. Is it per user? Or is it more
complicated than that?
a***@9srv.net
2013-04-07 05:25:33 UTC
It can be more complicated than that if you want it to be. ☺

Normally, though, factotum is started once when a user boots a
terminal, and that one instance is used throughout. on a cpu
server, it's slightly more complicated, but not much: there's one
started for the hostowner, and each user gets their own when
they call in. See the calls to auth/factotum in the default profile,
typically set up by /sys/lib/newuser.

Anthony
Charles Forsyth
2013-04-07 08:40:12 UTC
an auth/factotum is started by some initialisation code when you boot and
log in to your terminal.
on the cpu server, the same is true for the host owner (the owner of the
cpu service),
but then when you cpu(1) into a cpu server, your profile has a switch on
the service environment variable,
which is "cpu" for an incoming cpu call:

h% cat $home/lib/profile
...
switch($service){
case terminal
...
case cpu
...
bind /mnt/term/mnt/factotum /mnt/factotum
...
}

within cpu, the terminal's name space is available at /mnt/term, so it
simply binds the /mnt/factotum
in that name space onto /mnt/factotum in the cpu server, so you have all
your keys.

Note that this is a simple way in which the use of file servers to provide
system services and resources,
combined with 9P to import and export them, allows an interesting function
to be provided without having
any further code or special protocols.
Rogelio Serrano
2013-04-07 11:50:53 UTC
Post by Charles Forsyth
an auth/factotum is started by some initialisation code when you boot and
log in to your terminal.
on the cpu server, the same is true for the host owner (the owner of the
cpu service),
but then when you cpu(1) into a cpu server, your profile has a switch on
the service environment variable,
h% cat $home/lib/profile
...
switch($service){
case terminal
...
case cpu
...
bind /mnt/term/mnt/factotum /mnt/factotum
...
}
within cpu, the terminal's name space is available at /mnt/term, so it
simply binds the /mnt/factotum
in that name space onto /mnt/factotum in the cpu server, so you have all
your keys.
Note that this is a simple way in which the use of file servers to
provide system services and resources,
combined with 9P to import and export them, allows an interesting
function to be provided without having
any further code or special protocols.
Awesome! Thanks guys!

So the incoming authentication is handled by the cpu owner factotum? That
means the authentication information is held by the cpu owner factotum and
the user factotum just handles the user's keys? And the user factotum is run
after authentication.
Yaroslav
2013-04-08 08:52:31 UTC
Not exactly. Please refer to /sys/doc/auth.ps |
http://plan9.bell-labs.com/sys/doc/auth.html for overview of the
architecture.
Post by Rogelio Serrano
So the incoming authentication is handled by the cpu owner factotum? That
means the authentication information is held by the cpu owner factotum and
the user factotum just handles the user's keys? And the user factotum is run
after authentication.
Stuart Morrow
2013-04-08 09:18:00 UTC
Tip: Any time someone says read auth.ps, take it to mean read
nauth.pdf; auth.ps; nauth.pdf, where nauth.pdf is the slides at
swtch.com

In other words, read overview; details; summary.

I find the auth stuff to be some of the harder stuff to fully
understand, the existence of this thread corroborates that.
Bence Fábián
2013-04-08 09:21:24 UTC
Include a link if you're referring to something.
It helps a lot.

http://swtch.com/~rsc/talks/nauth.pdf
Post by Stuart Morrow
Tip: Any time someone says read auth.ps, take it to mean read
nauth.pdf; auth.ps; nauth.pdf, where nauth.pdf is the slides at
swtch.com
In other words, read overview; details; summary.
I find the auth stuff to be some of the harder stuff to fully
understand, the existence of this thread corroborates that.
erik quanstrom
2013-04-07 13:05:13 UTC
Post by Charles Forsyth
within cpu, the terminal's name space is available at /mnt/term, so it
simply binds the /mnt/factotum in that name space onto /mnt/factotum
in the cpu server, so you have all your keys.
there's an important exception to this—when one is running
9term without factotum. in that case, one needs to start factotum
on the cpu server.

- erik
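
Added example (not from any poster in this thread and not the stock Plan 9 profile): an rc profile fragment that combines the bind Charles Forsyth describes with the exception erik quanstrom raises. The function name setupfactotum and the choice of the rpc file as the probe are assumptions made for this sketch.

```rc
# Hypothetical helper for $home/lib/profile, written for illustration.
fn setupfactotum {
	# An empty /mnt/factotum mount point can exist on the terminal even
	# when no factotum is serving it, so probe for the rpc file rather
	# than for the directory itself.
	if(test -e /mnt/term/mnt/factotum/rpc){
		# Terminal runs a factotum: reuse it over 9P. The keys stay in
		# the terminal's factotum process; processes on the cpu server
		# only reach it through the files under /mnt/factotum.
		bind /mnt/term/mnt/factotum /mnt/factotum
	}
	if not {
		# Terminal has no factotum (the 9term case): start one on the
		# cpu server. Any keys loaded into it are held by a process on
		# the cpu server, not on the terminal.
		auth/factotum
	}
}

switch($service){
case cpu
	setupfactotum
}
```

Which branch runs decides where the key material lives, which is the practical difference between the two cases discussed above.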