1 .TH FACTOTUM 4
2 .SH NAME
3 factotum \- authentication agent
4 .SH SYNOPSIS
5 .B factotum
6 [
7 .B -DdkSun
8 ] [
9 .B -a authaddr
10 ] [
11 .B -s
12 .I srvname
13 ] 
14 .\" [
15 .\" .B -m
16 .\" .I mtpt
17 .\" ]
18 .PP
19 .B factotum
20 .B -g
21 .IB attribute = value
22 .B ...
23 .IB attribute ?
24 .B ...
25 .\" .PP
26 .\" .B auth/fgui
27 .SH DESCRIPTION
28 .I Factotum
29 is a user-level file system that
30 acts as the authentication agent for a user.
31 It does so by managing a set of
32 .IR keys .
33 A key is a collection of information used to authenticate a particular action.
34 Stored as a list of
35 .IB attribute = value
36 pairs, a key typically contains a user, an authentication domain, a protocol, and
37 some secret data.
38 .PP
39 .I Factotum
40 presents the following files:
41 .TF needkey
42 .TP
43 .B rpc
44 each open represents a new private channel to
45 .I factotum
46 .TP
47 .B proto
48 when read lists the protocols available
49 .TP
50 .B confirm
51 for confiming the use of key
52 .TP
53 .B needkey
54 allows external programs to control the addition of new keys
55 .TP
56 .B log
57 a log of actions
58 .TP
59 .B ctl
60 for maintaining keys; when read, it returns a list of keys.
61 For secret attributes, only the attribute name follow by a
62 .L ?
63 is returned.
64 .PD
65 .PP
66 In any authentication, the caller typically acts as a client
67 and the callee as a server.  The server determines
68 the authentication domain, sometimes after a negotiation with
69 the client.  Authentication always requires the client to
70 prove its identity to the server.  Under some protocols, the
71 authentication is mutual.
72 Proof is accomplished using secret information kept by factotum
73 in conjunction with a cryptographic protocol.
74 .PP
75 .I Factotum
76 can act in the role of client for any process possessing the
77 same user id as it.  For select protocols such as
78 .B p9sk1
79 it can also act as a client for other processes provided
80 its user id may speak for the other process' user id (see
81 Plan 9's
82 \fIauthsrv\fR(6)).
83 .I Factotum
84 can act in the role of server for any process.
85 .PP
86 .IR Factotum 's
87 structure is independent of
88 any particular authentication protocol.
89 .I Factotum
90 supports the following protocols:
91 .TF mschap
92 .TP
93 .B p9any
94 a metaprotocol used to negotiate which actual protocol to use.
95 .TP
96 .B p9sk1
97 a Plan 9 shared key protocol.
98 .TP
99 .B p9sk2
100 a variant of
101 .B p9sk1.
102 .TP
103 .B p9cr
104 a Plan 9 protocol that can use either
105 .B p9sk1
106 keys or SecureID tokens.
107 .TP
108 .B apop
109 the challenge/response protocol used by POP3 mail servers.
110 .TP
111 .B cram
112 the challenge/response protocol also used by POP3 mail servers.
113 .TP
114 .B chap
115 the challenge/response protocols used by PPP and PPTP.
116 .TP
117 .B mschap
118 a proprietary Microsoft protocol also used by PPP and PPTP.
119 .TP
120 .B rsa
121 RSA public key decryption, used by SSH and TLS.
122 .TP
123 .B pass
124 passwords in the clear.
125 .TP
126 .B vnc
127 .IR vnc (1)'s
128 challenge/response.
129 .TP
130 .B wep
131 WEP passwords for wireless ethernet cards.
132 .PD
133 .PP
134 The options are:
135 .TP
136 .B \-a
137 supplies the address of the authentication server to use.
138 Without this option, it will attempt to find an authentication server by
139 querying the connection server, the file
140 .BR <mtpt>/ndb ,
141 and finally the network database in
142 .BR /lib/ndb .
143 .TP
144 .B \-m
145 specifies the mount point to use, by default
146 .BR /mnt .
147 .TP
148 .B \-s
149 specifies the service name to use.
150 Without this option,
151 .I factotum
152 does not create a service file in
153 .BR /srv .
154 .TP
155 .B \-D
156 turns on 9P tracing, written to standard error.
157 .TP
158 .B \-d
159 turns on debugging, written to standard error.
160 .TP
161 .B \-g
162 causes the agent to prompt for the key, write it
163 to the
164 .B ctl
165 file, and exit.
166 The agent will prompt for values for any of the
167 attributes ending with a question mark
168 .RB ( ? )
169 and will append all the supplied
170 .I attribute = value
171 pairs.  See the section on key templates below.
172 .TP
173 .B \-n
174 don't look for a secstore.
175 .TP
176 .B \-S
177 indicates that the agent is running on a
178 cpu server.  On starting, it will attempt to get a
179 .B 9psk1
180 key from NVRAM using
181 .B readnvram
182 (see
183 .IR authsrv (3)),
184 prompting for anything it needs.
185 It will never subsequently prompt for a
186 key that it doesn't have.
187 This option is typically used by
188 the kernel at boot time.
189 .TP
190 .B \-k
191 causes the NVRAM to be written.
192 It is only valid with the
193 .B \-S
194 option.
195 This option is typically used by
196 the kernel at boot time.
197 .TP
198 .B \-u
199 causes the agent to prompt for user
200 id and writes it to
201 .BR /dev/hostowner .
202 It is mutually exclusive with
203 .B \-k
204 and
205 .BR \-S .
206 This option is typically used by
207 the kernel at boot time.
208 .PD
209 .\" .PP
210 .\" .I Fgui
211 .\" is a graphic user interface for confirming key usage and
212 .\" entering new keys.  It hides the window in which it starts
213 .\" and waits reading requests from
214 .\" .B confirm
215 .\" and
216 .\" .BR needkey .
217 .\" For each requests, it unhides itself and waits for
218 .\" user input.
219 .\" See the sections on key confirmation and key prompting below.
220 .SS "Key Tuples
221 .PP
222 A
223 .I "key tuple
224 is a space delimited list of 
225 .IB attribute = value
226 pairs.  An attribute whose name begins with an exclamation point
227 .RB ( ! )
228 does not appear when reading the
229 .B ctl
230 file.
231 The required attributes depend on the authentication protocol.
232 .PP
233 .BR P9sk1 ,
234 .BR p9sk2 ,
235 and
236 .BR p9cr
237 all require a key with
238 .BR proto = p9sk1 ,
239 a
240 .B dom
241 attribute identifying the authentication domain, a
242 .B user
243 name valid in that domain, and either a
244 .B !password
245 or
246 .B !hex
247 attribute specifying the password or hexadecimal secret
248 to be used.  Here is an example:
249 .PP
250 .EX
251     proto=p9sk1 dom=avayalabs.com user=presotto !password=lucent
252 .EE
253 .PP
254 .BR Apop ,
255 .BR cram ,
256 .BR chap ,
257 and
258 .BR mschap ,
259 require a key with a
260 .B proto
261 attribute whose value matches the protocol,
262 in addition to
263 .BR server ,
264 .BR user ,
265 and
266 .B !password
267 attributes; 
268 e.g.
269 .PP
270 .EX
271     proto=apop server=mit.edu user=rsc !password=nerdsRus
272 .EE
273 Vnc is similar but does not require a
274 .B user
275 attribute.
276 .PP
277 .B Pass
278 requires a key with
279 .B proto=pass
280 in addition to
281 .B user
282 and
283 .B !password
284 attributes; e.g.
285 .PP
286 .EX
287     proto=pass user=tb !password=does.it.matter
288 .EE
289 .PP
290 .B Rsa
291 requires a key with
292 .B proto=rsa
293 in addition to all the hex attributes defining an RSA key:
294 .BR ek ,
295 .BR n ,
296 .BR !p ,
297 .BR !q ,
298 .BR !kp ,
299 .BR !kq ,
300 .BR !c2 ,
301 and
302 .BR !dk .
303 By convention, programs using the RSA protocol also require a
304 .B service
305 attribute set to
306 .BR ssh ,
307 .BR sshserve ,
308 or
309 .BR tls .
310 .PP
311 .B Wep
312 requires a
313 .BR key1 ,
314 .BR key2 ,
315 or
316 .BR key3
317 set to the password to be used.
318 Starting the protocol causes
319 .I factotum
320 to configure the wireless ethernet card
321 .B #l/ether0
322 for WEP encryption with the given password.
323 .PP
324 All keys can have additional attibutes that act either as comments
325 or as selectors to distinguish them in the
326 .IR auth (3)
327 library calls.
328 .PP
329 The factotum owner can use any key stored by factotum.
330 Any key may have one or more
331 .B owner
332 attributes listing the users who can use the key
333 as though they were the owner.
334 For example, the TLS and SSH host keys on a server
335 often have an attribute
336 .B owner=*
337 to allow any user (and in particular,
338 .L none )
339 to run the TLS or SSH server-side protocol.
340 .PP
341 Any key may have a
342 .B role
343 attribute for restricting how it can be used.
344 If this attribute is missing, the key can be used in any role.
345 The possible values are:
346 .TP
347 .B client
348 for authenticating outbound calls
349 .TP
350 .B server
351 for authenticating inbound calls
352 .TP
353 .B speaksfor
354 for authenticating processes whose
355 user id does not match
356 .IR factotum 's.
357 .PD
358 .PP
359 Whenever
360 .I factotum
361 runs as a server, it must have a
362 .B p9sk1
363 key in order to communicate with the authentication
364 server for validating passwords and challenge/responses of
365 other users.
366 .SS "Key Templates
367 Key templates are used by routines that interface to
368 .I factotum
369 such as
370 .B auth_proxy
371 and
372 .B auth_challenge
373 (see
374 .IR auth (3))
375 to specify which key and protocol to use for an authentication.
376 Like a key tuple, a key template is also a list of 
377 .IB attribute = value
378 pairs.
379 It must specify at least the protocol and enough
380 other attributes to uniquely identify a key, or set of keys, to use.
381 The keys chosen are those that match all the attributes specified
382 in the template.  The possible attribute/value formats are:
383 .TP 1i
384 .IB attr = val
385 The attribute
386 .I attr
387 must exist in the key and its value must exactly
388 match
389 .I val
390 .TP 1i
391 .IB attr ?
392 The attribute
393 .I attr
394 must exist in the key but its value doesn't matter.
395 .TP 1i
396 .I attr
397 The attribute
398 .I attr
399 must exist in the key with a null value
400 .PD
401 .PP
402 Key templates are also used by factotum to request a key either via
403 an RPC error or via the
404 .B needkey
405 interface.
406 The possible attribute/value formats are:
407 .TP 1i
408 .IB attr = val
409 This pair must remain unchanged
410 .TP 1i
411 .IB attr ?
412 This attribute needs a value
413 .TP 1i
414 .I attr
415 The pair must remain unchanged
416 .PD
417 .SS "Control and Key Management
418 .PP
419 A number of messages can be written to the control file.
420 The mesages are:
421 .TP
422 .B "key \fIattribute-value-list\fP
423 add a new key.  This will replace any old key whose
424 public, i.e. non ! attributes, match.
425 .TP
426 .B "delkey \fIattribute-value-list\fP
427 delete a key whose attributes match those given.
428 .TP
429 .B debug
430 toggle debugging on and off, i.e., the debugging also
431 turned on by the
432 .B \-d
433 option.
434 .PP
435 By default when factotum starts it looks for a
436 .IR secstore (1)
437 account on $auth for the user and, if one exists,
438 prompts for a secstore password in order to fetch
439 the file
440 .IR factotum ,
441 which should contain control file commands.
442 An example would be
443 .EX
444   key dom=x.com proto=p9sk1 user=boyd !hex=26E522ADE2BBB2A229
445   key proto=rsa service=ssh size=1024 ek=3B !dk=...
446 .EE
447 where the first line sets a password for
448 challenge/response authentication, strong against dictionary
449 attack by being a long random string, and the second line
450 sets a public/private keypair for ssh authentication,
451 generated by
452 .B ssh_genkey
453 (see
454 .IR ssh (1)).
455 .PD
456 .SS "Confirming key use
457 .PP
458 The 
459 .B confirm
460 file provides a connection from
461 .I factotum
462 to a confirmation server, normally the program
463 .IR auth/fgui .
464 Whenever a key with the
465 .B confirm
466 attribute is used, 
467 .I factotum
468 requires confirmation of its use.  If no process has
469 .B confirm
470 opened, use of the key will be denied.
471 However, if the file is opened a request can be read from it
472 with the following format:
473 .PP
474 .B confirm
475 .BI tag= tagno
476 .I "<key template>
477 .PP
478 The reply, written back to
479 .BR confirm ,
480 consists of string:
481 .PP
482 .BI tag= tagno
483 .BI answer= xxx
484 .PP
485 If
486 .I xxx
487 is the string
488 .B yes
489 then the use is confirmed and the authentication will proceed.
490 Otherwise, it fails.
491 .PP
492 .B Confirm
493 is exclusive open and can only be opened by a process with
494 the same user id as
495 .IR factotum .
496 .SS "Prompting for keys
497 .PP
498 The 
499 .B needkey
500 file provides a connection from
501 .I factotum
502 to a key server, normally the program
503 .IR auth/fgui .
504 Whenever
505 .I factotum
506 needs a new key, it first checks to see if
507 .B needkey
508 is opened.  If it isn't, it returns a error to its client.
509 If the file is opened a request can be read from it
510 with the following format:
511 .PP
512 .B needkey
513 .BI tag= tagno
514 .I "<key template>
515 .PP
516 It is up to the reader to then query the user for any missing fields,
517 write the key tuple into the
518 .B ctl
519 file, and then reply by writing into the
520 .B needkey
521 file the string:
522 .PP
523 .BI tag= tagno
524 .PP
525 .B Needkey
526 is exclusive open and can only be opened by a process with
527 the same user id as
528 .IR factotum .
529 .SS "The RPC Protocol
530 Authentication is performed by
531 .IP 1)
532 opening
533 .BR rpc
534 .IP 2)
535 setting up the protocol and key to be used (see the
536 .B start
537 RPC below),
538 .IP 3)
539 shuttling messages back and forth between
540 .IR factotum
541 and the other party (see the
542 .B read
543 and
544 .B write
545 RPC's) until done
546 .IP 4)
547 if successful, reading back an
548 .I AuthInfo
549 structure (see
550 .IR authsrv (3)).
551 .PP
552 The RPC protocol is normally embodied by one of the
553 routines in
554 .IR auth (3).
555 We describe it here should anyone want to extend
556 the library.
557 .PP
558 An RPC consists of writing a request message to
559 .B rpc
560 followed by reading a reply message back.
561 RPC's are strictly ordered; requests and replies of
562 different RPC's cannot be interleaved.
563 Messages consist of a verb, a single space, and data.
564 The data format depends on the verb.  The request verbs are:
565 .TP
566 .B "start \fIattribute-value-list\fP
567 start a new authentication.
568 .I Attribute-value-pair-list
569 must include a
570 .B proto
571 attribute, a
572 .B role
573 attribute with value
574 .B client
575 or
576 .BR server ,
577 and enough other attibutes to uniquely identify a key to use.
578 A
579 .B start
580 RPC is required before any others.    The possible replies are:
581 .RS
582 .TP
583 .B ok
584 start succeeded.
585 .TP
586 .B "error \fIstring\fP
587 where
588 .I string
589 is the reason.
590 .RE
591 .PD
592 .TP
593 .B read
594 get data from
595 .I factotum
596 to send to the other party.  The possible replies are:
597 .RS
598 .TP
599 .B ok
600 read succeeded, this is zero length message.
601 .TP
602 .B "ok \fIdata\fP
603 read succeeded, the data follows the space and is
604 unformatted.
605 .TP
606 .B "done
607 authentication has succeeded, no further RPC's are
608 necessary
609 .TP
610 .B "done haveai
611 authentication has succeeded, an
612 .B AuthInfo
613 structure (see
614 .IR auth (3))
615 can be retrieved with an
616 .B authinfo
617 RPC
618 .TP
619 .B "phase \fIstring\fP
620 its not your turn to read, get some data from
621 the other party and return it with a write RPC.
622 .TP
623 .B "error \fIstring\fP
624 authentication failed,
625 .I string
626 is the reason.
627 .TP
628 .B "protocol not started
629 a
630 .B start
631 RPC needs to precede reads and writes
632 .TP
633 .B "needkey \fIattribute-value-list\fP
634 a key matching the argument is needed.  This argument
635 may be passed as an argument to
636 .I factotum
637 .B -g
638 in order to prompt for a key.  After that, the
639 authentication may proceed, i.e., the read restarted.
640 .PD
641 .RE
642 .TP
643 .B "write \fIdata\fP
644 send data from the other party to
645 .IR factotum .
646 The possible replies are:
647 .RS
648 .TP
649 .B "ok
650 the write succeeded
651 .TP
652 .B "needkey \fIattribute-value-list\fP
653 see above
654 .TP
655 .B "toosmall \fIn\fP
656 the write is too short, get more data from the
657 other party and retry the write.
658 .I n
659 specifies the maximun total number of bytes.
660 .TP
661 .B "phase \fIstring\fP
662 its not your turn to write, get some data from
663 .I factotum
664 first.
665 .TP
666 .B "done
667 see above
668 .TP
669 .B "done haveai
670 see above
671 .RE
672 .TP
673 .B authinfo
674 retrieve the AuthInfo structure.  
675 The possible replies are:
676 .RS
677 .TP
678 .B "ok \fIdata\fP
679 .I data
680 is a marshaled form of the AuthInfo structure.
681 .TP
682 .B "error \fIstring\fP
683 where
684 .I string
685 is the reason for the error.
686 .PD
687 .RE
688 .TP
689 .B attr
690 retrieve the attributes used in the
691 .B start
692 RPC.
693 The possible replies are:
694 .RS
695 .TP
696 .B "ok \fIattribute-value-list\fP
697 .TP
698 .B "error \fIstring\fP
699 where
700 .I string
701 is the reason for the error.
702 .PD
703 .RE
704 .SH SOURCE
705 .B \*9/src/cmd/factotum