These files provide an updated authentication framework for Inferno. They are not part of the standard distribution, and may not become so, but for anyone that may find them useful, here they are. The main changes are to allow keys to be stored securely. The 9cpu command. which relies on the changes, makes a cpu connection to a plan 9 box. I have set things up so that before the window manager is started, Inferno asks for a password, which is then used to decrypt a file containing the secret keys, which are passed to factotum. This is not totally secure, but it's a lot better than keeping the keys in the clear all the time. I do things this way so that I don't necessarily have to contact a secstore server - I store the entire distribution on a USB memory stick. INSTALLATION I assume you've got a current Inferno distribution, and an environment variable $I holding its root directory. 1) unpack the files in the Inferno root directory. % cd $I % gzip < /n/sources/contrib/rog/infauth/infauth.tgz | tar xv 2) create an encrypted file storing factotum's keys: 2.1) get the factotum keys you need, e.g. % secstore -G factotum > $I/keyring/factotum 2.2) add any inferno keys you need - authcvt converts from a old-style inferno file to a form that can be stored in factotum. getauthinfo -F prints the key that it receives in a similar fashion. % emu -r $I sh ; authcvt $home/keyring/somekey >> /keyring/factotum # or: ; getauthinfo -F -s mylocalauthsigner.com -u rog >> /keyring/factotum password: ; 2.2) encrypt them: ; cd /keyring ; crypt -k your_secret_key < factotum > factotum.cr ; rm factotum 3) add any appropriate auth server entries to ndb: ; >> /lib/ndb/local echo ' auth=sources.cs.bell-labs.com authdom=outside.plan9.bell-labs.com auth=sources.cs.bell-labs.com authdom=insideout.plan9.bell-labs.com authdom=vitanuova.com auth=plan9.vitanuova.com authdom=outside.plan9.bell-labs.com auth=sources.cs.bell-labs.com' 4) add the following lines to /lib/wmsetup: bind -b '#^' /chan winsrv (alternatively copy /lib/wmsetup.new to /lib/wmsetup ; cp /lib/wmsetup.new /lib/wmsetup 3) run emu % emu -r $I You should be prompted for your password, which will be used to decrypt the factotum.cr file. If you wish to obtain the keys from secstore, change /lib/sh/profile accordingly. (genlogon is a new program that prompts for some information and runs a shell script with environment variables set accordingly, before running the usual window taskbar). 4. connect through to a plan 9 system: when the window manager has started, you can start a shell and connect through to a plan 9 system: % 9cpu -h plan9.vitanuova.com cpu% once there, you can create new shell windows in the same cpu session with iwin: cpu% iwin cpu% you can create new "rio-style" windows with iwin -r: cpu% iwin -r acme -l $home/acme.dump cpu% STARTING UP I've provided a couple of convenience scripts for starting emu: Wm is an rc script that starts emu with some appropriate options; emu.bat is a windows batch file that should live in the directory above the inferno root directory and starts emu. it's useful for starting emu under windows when the drive letter is not known (AFAIK it's not possible to create a path-relative shortcut). Mutate either as necessary. appl/authsrc provides the source to the above commands. It also provides a new version of mount that uses factotum (installed as imount.dis). I haven't made it the default version because it lacks some of the functionality of the old mount (in particular it doesn't implement the -9 option, which is useful for making an authenticated connection to sources). Feedback appreciated. Enjoy. rog@vitanuova.com