The patch permits the file server to force a domain to be used in the p9any negotiation. The dom is specified in fss->attr. If dom is not specified, factotum will work as it currently does. For example, in a file server's Srv .auth function: ... snprint(aux, 128, "proto=p9any dom=%s role=server", dom); srv->keyspec = estrdup9p(aux); ... key = srv->keyspec; keylen = strlen(key); if(auth_rpc(af->rpc, "start", key, keylen) != ARok) goto fail; af->uid = estrdup9p(r->ifcall.uname); ... P9any currently negotiates the proto@dom sending all the p9sk* keys (that can be used as a server) stored in the Server's factotum ring. Client's factotum selects one of them, and then the p9sk1 protocol starts. That scheme works well with stand alone file servers. The problem arises when terminals run file servers that needs authentication. The user's secstore can contain several p9sk* keys, but some of them can be inappropriate to authenticate the session. This problem cannot be solved using the 'role' attribute, because different file systems running in this terminal would need to be authenticated through different auth servers (and the user would need to use these keys to access other file servers as client).