I intsalled combined cpu/auth server I need some explanatories for plan9 security model, because I have some troubles with undestanding dependences between factotum,secstore and keyfs.
First I don't undestand why I must run auth/secstored on my auth server. In fact keyfs provide to me interface to keys at nvram, and secstore provide to me interface to keys at nvram... Second I don't undestand what means "password" (after "secstore key") in auth/wrkey dialog. System password? Who is a "system password"? Third I think that I must to add all my permanent auth-server users (users with remote terminals) of my "auth domain" to secstore on auth-server. But cpu-server users of THIS cpu-server I must add to factotum too. I must copy some keys from secstore to factotum at boot time if I want to grant access to both auth and cpu servers. Am I right? Forth why noany ask me to password to access to secstore at boot time? Thanks :) -- Phil Kulin
