factotum(4): document dp9ik, update protocol list
This commit is contained in:
cinap_lenrek
parent
77ad456b31
commit
f70ebd8e62
1 changed files with 31 additions and 33 deletions
|
|
@ -81,6 +81,8 @@ in conjunction with a cryptographic protocol.
|
||||||
can act in the role of client for any process possessing the
|
can act in the role of client for any process possessing the
|
||||||
same user id as it. For select protocols such as
|
same user id as it. For select protocols such as
|
||||||
.B p9sk1
|
.B p9sk1
|
||||||
|
and
|
||||||
|
.B dp9ik
|
||||||
it can also act as a client for other processes provided
|
it can also act as a client for other processes provided
|
||||||
its user id may speak for the other process' user id (see
|
its user id may speak for the other process' user id (see
|
||||||
.IR authsrv (6)).
|
.IR authsrv (6)).
|
||||||
|
|
@ -98,19 +100,24 @@ supports the following protocols:
|
||||||
a metaprotocol used to negotiate which actual protocol to use.
|
a metaprotocol used to negotiate which actual protocol to use.
|
||||||
.TP
|
.TP
|
||||||
.B p9sk1
|
.B p9sk1
|
||||||
a Plan 9 shared key protocol described in
|
legacy Plan 9 shared key protocol described in
|
||||||
.IR authsrv (6)'s
|
.IR authsrv (6)'s
|
||||||
``File Service'' section.
|
``Ticket Service''
|
||||||
|
and
|
||||||
|
``P9sk1'' sections.
|
||||||
.TP
|
.TP
|
||||||
.B p9sk2
|
.B dp9ik
|
||||||
a variant of
|
extended version of
|
||||||
.B p9sk1
|
.B p9sk1
|
||||||
described in
|
that adds password bruteforce resistance and forward secrecy (see
|
||||||
.IR authsrv (6)'s
|
.IR authsrv (6)'s
|
||||||
``Remote Execution'' section.
|
``Password authenticated key exchange''
|
||||||
|
and
|
||||||
|
``Dp9ik''
|
||||||
|
sections).
|
||||||
.TP
|
.TP
|
||||||
.B p9cr
|
.B p9cr
|
||||||
a Plan 9 protocol that can use either
|
legacy Plan 9 protocol that can use either
|
||||||
.B p9sk1
|
.B p9sk1
|
||||||
keys or SecureID tokens.
|
keys or SecureID tokens.
|
||||||
.TP
|
.TP
|
||||||
|
|
@ -142,9 +149,6 @@ passwords in the clear.
|
||||||
.IR vnc (1)'s
|
.IR vnc (1)'s
|
||||||
challenge/response.
|
challenge/response.
|
||||||
.TP
|
.TP
|
||||||
.B wep
|
|
||||||
WEP passwords for wireless ethernet cards.
|
|
||||||
.TP
|
|
||||||
.B wpapsk
|
.B wpapsk
|
||||||
WPA passwords for wireless ethernet cards.
|
WPA passwords for wireless ethernet cards.
|
||||||
.PD
|
.PD
|
||||||
|
|
@ -193,9 +197,11 @@ don't look for a secstore.
|
||||||
.TP
|
.TP
|
||||||
.B \-S
|
.B \-S
|
||||||
indicates that the agent is running on a
|
indicates that the agent is running on a
|
||||||
CPU server. On starting, it will attempt to get a
|
CPU server. On starting, it will attempt to get
|
||||||
.B p9sk1
|
.B p9sk1
|
||||||
key from NVRAM using
|
and
|
||||||
|
.B dp9ik
|
||||||
|
keys from NVRAM using
|
||||||
.B readnvram
|
.B readnvram
|
||||||
(see
|
(see
|
||||||
.IR authsrv (2)),
|
.IR authsrv (2)),
|
||||||
|
|
@ -265,11 +271,13 @@ does not appear when reading the
|
||||||
file.
|
file.
|
||||||
The required attributes depend on the authentication protocol.
|
The required attributes depend on the authentication protocol.
|
||||||
.PP
|
.PP
|
||||||
.BR P9sk1 ,
|
.BR Dp9ik ,
|
||||||
.BR p9sk2 ,
|
.B p9sk1
|
||||||
and
|
and
|
||||||
.BR p9cr
|
.B p9cr
|
||||||
all require a key with
|
all require a key with
|
||||||
|
.BR proto = dp9ik
|
||||||
|
or
|
||||||
.BR proto = p9sk1 ,
|
.BR proto = p9sk1 ,
|
||||||
a
|
a
|
||||||
.B dom
|
.B dom
|
||||||
|
|
@ -283,7 +291,7 @@ attribute specifying the password or hexadecimal secret
|
||||||
to be used. Here is an example:
|
to be used. Here is an example:
|
||||||
.PP
|
.PP
|
||||||
.EX
|
.EX
|
||||||
proto=p9sk1 dom=avayalabs.com user=presotto !password=lucent
|
proto=dp9ik dom=9front user=glenda !password=secret
|
||||||
.EE
|
.EE
|
||||||
.PP
|
.PP
|
||||||
.BR Apop ,
|
.BR Apop ,
|
||||||
|
|
@ -338,24 +346,10 @@ and
|
||||||
By convention, programs using the RSA protocol also require a
|
By convention, programs using the RSA protocol also require a
|
||||||
.B service
|
.B service
|
||||||
attribute set to
|
attribute set to
|
||||||
.BR ssh ,
|
.B ssh
|
||||||
.BR sshserve ,
|
|
||||||
or
|
or
|
||||||
.BR tls .
|
.BR tls .
|
||||||
.PP
|
.PP
|
||||||
.B Wep
|
|
||||||
requires a
|
|
||||||
.BR key1 ,
|
|
||||||
.BR key2 ,
|
|
||||||
or
|
|
||||||
.BR key3
|
|
||||||
set to the password to be used.
|
|
||||||
Starting the protocol causes
|
|
||||||
.I factotum
|
|
||||||
to configure the wireless ethernet card
|
|
||||||
.B #l/ether0
|
|
||||||
for WEP encryption with the given password.
|
|
||||||
.PP
|
|
||||||
All keys can have additional attributes that act either as comments
|
All keys can have additional attributes that act either as comments
|
||||||
or as selectors to distinguish them in the
|
or as selectors to distinguish them in the
|
||||||
.IR auth (2)
|
.IR auth (2)
|
||||||
|
|
@ -402,9 +396,11 @@ protocols (in particular, the Plan 9 ones).
|
||||||
.PP
|
.PP
|
||||||
Whenever
|
Whenever
|
||||||
.I factotum
|
.I factotum
|
||||||
runs as a server, it must have a
|
runs as a server, it must have
|
||||||
|
.B dp9ik
|
||||||
|
or
|
||||||
.B p9sk1
|
.B p9sk1
|
||||||
key in order to communicate with the authentication
|
keys in order to communicate with the authentication
|
||||||
server for validating passwords and challenge/responses of
|
server for validating passwords and challenge/responses of
|
||||||
other users.
|
other users.
|
||||||
.SS "Key Templates
|
.SS "Key Templates
|
||||||
|
|
@ -743,3 +739,5 @@ is the reason for the error.
|
||||||
.RE
|
.RE
|
||||||
.SH SOURCE
|
.SH SOURCE
|
||||||
.B /sys/src/cmd/auth/factotum
|
.B /sys/src/cmd/auth/factotum
|
||||||
|
.SH "SEE ALSO"
|
||||||
|
.IR authsrv (6)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue