Plan 9 from Bell Labs 2005-10-05

dist/replica/_plan9.db

@@ -7257,7 +7257,7 @@ sys/man/1/comm - 664 sys sys 944959675 665
 sys/man/1/con - 664 sys sys 1071156278 4318
 sys/man/1/cp - 664 sys sys 1110816882 1947
 sys/man/1/cpp - 664 sys sys 944959674 2105
-sys/man/1/cpu - 664 sys sys 1104939775 3540
+sys/man/1/cpu - 664 sys sys 1128462781 3804
 sys/man/1/crop - 664 sys sys 984709627 2596
 sys/man/1/date - 664 sys sys 969499884 996
 sys/man/1/db - 664 sys sys 1015024738 17862

dist/replica/plan9.db

@@ -7257,7 +7257,7 @@ sys/man/1/comm - 664 sys sys 944959675 665
 sys/man/1/con - 664 sys sys 1071156278 4318
 sys/man/1/cp - 664 sys sys 1110816882 1947
 sys/man/1/cpp - 664 sys sys 944959674 2105
-sys/man/1/cpu - 664 sys sys 1104939775 3540
+sys/man/1/cpu - 664 sys sys 1128462781 3804
 sys/man/1/crop - 664 sys sys 984709627 2596
 sys/man/1/date - 664 sys sys 969499884 996
 sys/man/1/db - 664 sys sys 1015024738 17862

dist/replica/plan9.log

@@ -21542,3 +21542,4 @@
 1128310238 2 c 386/bin/netstat - 775 sys sys 1128309084 84664
 1128310238 3 c 386/bin/fossil/fossil - 775 sys sys 1128309083 360426
 1128339045 0 c sys/lib/dist/cmd/bargraph.c - 664 sys sys 1128338667 5951
+1128463219 0 c sys/man/1/cpu - 664 sys sys 1128462781 3804

sys/man/1/cpu

@@ -1,6 +1,6 @@
 .TH CPU 1
 .SH NAME
-cpu \- connection to cpu server
+cpu \- connection to CPU server
 .SH SYNOPSIS
 .B cpu
 [
@@ -25,6 +25,13 @@ cpu \- connection to cpu server
 .B -c
 .I cmd args ...
 ]
+.PP
+.B cpu
+[
+.B -R
+|
+.B -O
+]
 .SH DESCRIPTION
 .I Cpu
 starts an
@@ -132,7 +139,7 @@ for details on possible algorithms.  The argument
 .L clear
 specifies no encryption algorithm and can be used to talk
 to older versions of the
-.B cpu
+.I cpu
 service.
 .PP
 The
@@ -155,9 +162,23 @@ the
 and
 .B objtype
 environment variables reflect the server's architecture.
+.PP
+The
+.B -R
+flag causes
+.I cpu
+to run the server (remote) side of the protocol.
+It is run from service files such as
+.BR /bin/service/tcp17010 .
+The
+.B -O
+flag is similar but simulates the pre-9P2000 version
+of the 
+.I cpu
+protocol.
 .SH FILES
 The name space of the terminal side of the
-.B cpu
+.I cpu
 command is mounted, via
 .IR exportfs (4),
 on the CPU side on directory

sys/man/1/delkey

@@ -25,7 +25,7 @@ The
 .B -f
 option disables the prompting; all keys matching the pattern are deleted.
 .PP
-When run on a cpu server,
+When run on a CPU server,
 .I delkey
 uses the terminal's factotum, if present, instead of the server's factotum.
 .SH FILES

sys/man/4/factotum

@@ -181,7 +181,7 @@ don't look for a secstore.
 .TP
 .B \-S
 indicates that the agent is running on a
-cpu server.  On starting, it will attempt to get a
+CPU server.  On starting, it will attempt to get a
 .B 9psk1
 key from NVRAM using
 .B readnvram

sys/man/6/authsrv

@@ -1,6 +1,6 @@
 .TH AUTHSRV 6
 .SH NAME
-ticket \- authentication service
+authsrv, p9any, p9sk1, p9sk2 \- authentication protocols
 .SH DESCRIPTION
 This manual page describes
 the protocols used to authorize connections, confirm the identities
@@ -21,20 +21,26 @@ kernel running on that machine.
 The domain name identifies the machines across which the ID is valid.
 Together, the ID and domain name identify the owner of a key.
 .PP
-When a terminal boots, the user is prompted for user name and password.
+When a terminal boots,
+.IR factotum (4)
+prompts for user name and password.
 The user name becomes the terminal's authentication ID. 
 The password is converted using
 .I passtokey
 (see
-.IR auth (2))
-into a 56-bit DES key and saved as the machine's key.
+.IR authsrv (2))
+into a 56-bit DES key and saved in memory.
 The authentication domain is set to the null string.
-If possible, the terminal validates the key with the AS
+If possible,
+.I factotum
+validates the key with the AS
 before saving it.
 For Internet machines the correct AS to ask is found using
 .IR dhcpd (8).
 .PP
-When a CPU or file server boots, it reads the key, ID, and domain name from
+When a CPU or file server boots, 
+.I factotum
+reads the key, ID, and domain name from
 non-volatile RAM.
 This allows servers to reboot without operator intervention.
 .PP
@@ -44,288 +50,361 @@ them one case at a time. The following definitions will be used
 in the descriptions:
 .TF nullx
 .TP
-.I \fICHc\fP
-an 8-byte random challenge from a client
+.I Ks
+server's host ID's key
 .TP
-.I CHs
-an 8-byte random challenge from a server
+.I Kc
+client's host ID's key
 .TP
-.I \fIKs\fP
-server's key
+.I Kn
+a nonce key created for a ticket
+.RB ( key )
 .TP
-.I \fIKc\fP
-client's key
+.IR K { m }
+message
+.I m
+encrypted with key
+.I K
 .TP
-.I \fIKn\fP
-a nonce key created for a ticket
+.I CHc
+an 8-byte random challenge from a client
+.RB ( chal )
 .TP
-.I K\fP\fIm\fP
-message m
-encrypted with key K
+.I CHs
+an 8-byte random challenge from a server
+.RB ( chal )
 .TP
-.I \fIIDs\fP
+.I IDs
 server's ID
+.RB ( authid )
 .TP
-.I \fIDNs\fP
+.I DN
 server's authentication domain name
+.RB ( authdom )
 .TP
-.I \fIIDc\fP
+.I IDc
 client's ID
+.RB ( hostid ,
+.BR cuid )
 .TP
-.I \fIUIDc\fP
-user's name on the client
-.TP
-.I \fIUIDs\fP
-user's name on the server
+.I IDr
+client's desired ID on server
+.RB ( uid ,
+.BR suid )
 .PD
 .PP
-A number of constants defined in
-.B auth.h
-are also used:
-.IR AuthTreq,
-.IR AuthChal,
-.IR AuthOK,
-.IR AuthErr,
-.IR AuthTs,
-.IR AuthTc,
-.IR AuthAs,
+The parenthesized names are the ones used in the
+.B Ticketreq
 and
-.IR AuthAc .
-.SS "File Service"
-File service sessions are long-lived connections between a client host
-and a file server.
-Processes belonging to different users share the session.
-Whenever a user process on the client
-.I mounts
-a file server
-(see
-.IR bind (2)),
-it must authenticate itself.
-There are four players in an authentication: the server, the client kernel,
-the user process on the client, and the authentication server.
-The goal of the authentication protocol is to convince the server
-that the client may validly speak for the user process.
-.PP
-To reduce the number of messages for each authentication,
-common information is exchanged once at the
-beginning of the session within a
-.I session
-message
-(see
-.IR attach (5)):
-.TF "Client->Server"
-.TP
-.IR Client -> Server
-Tsession( \fICHc\fP )
-.TP
-.IR Server -> Client
-Rsession( \fICHs\fP, \fIIDs\fP, \fIDNs\fP )
-.PD
-.PP
-Each time a user mounts a file server connection, an attach
-message is sent identifying/authenticating the user:
-.TF "Client->Server"
-.TP
-.IR Client -> Server
-Tattach( \fIKs\fP{ \fIAuthTs\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }, \fIKn\fP{ \fIAuthAc\fP, \fICHs\fP, \fIcount\fP } )
-.TP
-.IR Server -> Client
-Rattach( \fIKn\fP{ AuthAs, \fICHc\fP, \fIcount\fP } )
-.PD
+.B Ticket
+structures in
+.BR <authsrv.h> .
 .PP
-The part of the attach request encrypted with
-.BR \fIKs\fP
-is called a
-.IR ticket .
-Since it is encrypted in the server's secret key, this message is guaranteed
-to have originated on the AS.
-The part encrypted with the
-.B \fIKn\fP
-found in the ticket is called an
-.IR authenticator .
-The authenticator is generated by the client kernel and guarantees that
-the ticket was not stolen.
-The
-.I count
-is incremented with each mount to make every authenticator unique,
-thus foiling replay attacks.
-The server is itself authenticated by the authenticator
-it sends as a reply to the attach.
+The message type constants
+.IR AuthTreq ,
+.IR AuthChal ,
+.IR AuthPass ,
+.IR AuthOK ,
+.IR AuthErr ,
+.IR AuthMod ,
+.IR AuthApop ,
+.IR AuthOKvar ,
+.IR AuthChap ,
+.IR AuthMSchap ,
+.IR AuthCram ,
+and
+.IR AuthVNC
+.RB ( type )
+are defined in
+.BR <authsrv.h> ,
+as are the encrypted message types
+.IR AuthTs ,
+.IR AuthAs ,
+.IR AuthAc ,
+.IR AuthTp ,
+and
+.IR AuthHr
+.RB ( num ).
+.SS "Ticket Service
+When a client and server wish to authenticate to each other,
+they do so using
+.I tickets
+issued by the AS.
+Obtaining tickets from the AS
+is the client's responsibility.
 .PP
-Tickets are created by the AS at the request of a user process.
-The AS contains a database of which \fIIDc\fP's may speak for which \fIUIDc\fP's.
-If the \fIIDc\fP may speak for the \fIUIDc\fP, two tickets are returned.
-.TF "UserProc->AS"
-.TP
-.IR UserProc -> AS
-\fIAuthTreq\fP, \fICHs\fP, \fIIDs\fP, \fIDNs\fP, \fIIDc\fP, \fIUIDc\fP
-.TP
-.IR AS -> UserProc
-\fIAuthOK\fP, \fIKc\fP{ \fIAuthTc\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }, \fIKs\fP{ \fIAuthTs\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }
-.PD
+The protocol to obtain a ticket pair is:
+.TP
+.IR C \(-> A
+.IR AuthTreq ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR IDc ,
+.IR IDr
+.sp -\n(PDu
+.TP
+.IR A \(-> C
+.IR AuthOK ,
+.IR Kc { AuthTc ,
+.IR CHs ,
+.IR IDc ,
+.IR IDr ,
+.IR Kn },
+.IR Ks { AuthTs ,
+.IR CHs ,
+.IR IDc ,
+.IR IDr ,
+.IR Kn }
 .PP
-Otherwise an error message is returned.
-.TF "UserProc->AS"
-.TP
-.IR AS -> UserProc
-\fIAuthErr\fP, 64-byte error string
-.PD
+The two tickets are identical except for their type fields
+and the keys with which they are encrypted.
+The client and server can each decrypt one of the tickets,
+establishing a shared secret
+.IR Kn .
 .PP
-The user passes both tickets to the client's kernel using
-the
-.I fauth
-system call
-(see
-.IR fauth (2)).
-The kernel decrypts the ticket encrypted with \fIKc\fP.
-If \fIUIDc\fP
-matches the user's login ID, the tickets are remembered for
-any subsequent attaches by that user of that file server session.
-Otherwise, the ticket is assumed stolen and an error is returned.
-.SS "Remote Execution"
+The
+tickets can be viewed as a statement by the
+AS that
+``a client possessing the
+.I Kn
+key is allowed to authenticate as
+.IR IDr .''
 .PP
-A number of applications require a process on one machine to start
-a process with the same user ID on a server machine.
-Examples are
-.IR cpu (1),
-.I rx
-(see
-.IR con (1)),
-and
-.IR exportfs (4).
-The called process replies to the connection with a ticket request.
-.TF "Server->UserProc"
-.TP
-.IR Server -> UserProc
-\fIAuthTreq\fP, \fICHs\fP, \fIIDs\fP, \fIDNs\fP, xxx, xxx
-.PD
+The presence of the server challenge
+.I CHs
+in the ticket allows the server to verify the freshness
+of the ticket pair.
 .PP
-Here
-.I xxx
-indicates a field whose contents do not matter.
+The AS sets the
+.I IDr
+in the tickets to the requested
+.I IDr
+only if
+.I IDc
+is allowed to
+.I "speak for
+.RI ( q.v. )
+.IR IDr .
+If not,
+the AS sets
+.I IDr
+to the empty string.
 .PP
-The calling process adds its machine's \fIIDc\fP and its \fIUIDc\fP to the request
-and follows the protocol outlined above to get two tickets from the AS.
-The process passes the
-\fIKs\fP
-encrypted ticket plus an authenticator generated by
-.B /dev/authenticator
-from the 
-\fIKc\fP
-ticket to the remote server, which writes them to the
-kernel to set the user ID (see 
-.IR cons (3)).
-The server replies with its own authenticator which can be written
-to the kernel along with the
-\fIKc\fP
-encrypted ticket to confirm the server's identity (see
-.IR cons (3)).
-.TF "UserProc->Server"
-.TP
-.IR UserProc -> Server
-\fIKs\fP{ \fIAuthTs\fP, \fICHs\fP, \fIUIDc\fP, \fIUIDs\fP, \fIKn\fP }, \fIKn\fP{ \fIAuthAc\fP, \fICHs\fP, 0 } 
-.TP
-.IR Server -> UserProc
-\fIKn\fP{ \fIAuthAs\fP, \fICHs\fP, 0 }
-.PD
-.SS "Challenge Box"
-A user may also start a process on a CPU server from a non Plan 9
-machine using commands such as
-.IR con,
-.IR telnet,
+If the users
+.I IDc
 or
-.I ftp
-(see
-.IR con (1)
+.I IDs
+do not exist,
+the AS silently generates one-time
+random keys to use in place of
+.I Kc
+or
+.IR Ks ,
+so that clients cannot probe the AS
+to learn whether a user name is valid.
+.SS "P9sk1
+The Plan 9 shared key protocol
+.I p9sk1
+allows a client and server to authenticate each other.
+The protocol is:
+.TP
+.IR C \(-> S
+.I CHc
+.br
+The client starts by sending a random challenge to the server.
+.TP
+.IR S \(-> C
+.IR AuthTreq ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR \- ,
+.IR \-
+.br
+The server replies with a ticket request giving its
+id and authentication domain along with its own 
+random challenge.
+.TP
+.IR C \(-> S
+.IR Ks { AuthTs ,
+.IR CHs ,
+.IR IDc ,
+.IR IDr ,
+.IR Kn },
+.IR Kn { AuthAc ,
+.IR CHs }
+.br
+The client adds 
+.I IDc
 and
-.IR ftpfs (4)).
-In these situations, the user can authenticate using a hand-held
-DES encryptor.
-The telnet or FTP daemon first sends a ticket request to the
-authentication server.
-If the AS has keys for both the \fIIDc\fP and \fIUIDc\fP in the ticket
-request it returns a challenge as a hexadecimal number.
-.TF "Daemon->AS"
-.TP
-.IR Daemon -> AS
-\fIAuthChal\fP, \fICHc\fP, \fIIDc\fP, \fIDNs\fP, \fIIDc\fP, \fIUIDc\fP 
-.TP
-.IR AS -> Daemon
-\fIAuthOK\fP, 16-byte
-.SM ASCII
-challenge
+.I IDr
+to the ticket request and obtains a ticket pair
+from the AS as described above.
+The client relays the server's ticket along with
+an 
+.IR authenticator ,
+the
+.I AuthAc
+message.
+The authenticator proves to the server that the
+client knows
+.I Kn
+and is therefore allowed to authenticate as
+.IR IDr .
+(The inclusion of
+.IR CHs
+in the authenticator avoids replay attacks.)
+.TP
+.IR S \(-> C
+.IR Kn { AuthAs ,
+.IR CHc }
+.br
+The server replies with its own authenticator,
+proving to the client that it also knows
+.I Kn
+and therefore 
+.I Ks .
 .PD
 .PP
-Otherwise, it returns a null-terminated 64-byte error string.
-.TF "Daemon->AS"
-.TP
-.IR AS -> Daemon
-\fIAuthErr\fP, 64-byte error string
-.PD
+.I P9sk2
+is an older variant of 
+.I p9sk1
+used only when connecting to pre-9P2000 remote
+execution services.
+It omits the first message and last 
+messages and therefore does not
+authenticate the server to the client.
+.SS "P9any
+.I P9any
+is the standard Plan 9 authentication protocol.
+It consists of a negotiation to determine a common
+protocol, followed by the agreed-upon protocol.
 .PP
-The daemon relays the challenge to the calling program,
-which displays the challenge on the user's screen.
-The user encrypts it and types in the
-result, which is relayed back to the AS.
-The AS checks it against the expected response and returns
-either a ticket or an error.
-.TF "Daemon->AS"
-.TP
-.IR Daemon -> AS
-16-byte
-.SM ASCII
-response
-.TP
-.IR AS -> Daemon
-\fIAuthOK\fP, \fIKc\fP{ \fIAuthTs\fP, \fICHc\fP, \fIUIDc\fP, \fIUIDc\fP, \fIKn\fP }
-.PD
+The negotiation protocol is:
+.TP
+.IR S \(-> C
+.B v.2
+.IB proto@authdom
+.IB proto@authdom
+.I ...
+.sp -\n(PDu
+.TP
+.IR C \(-> S
+.I proto
+.I dom
+.sp -\n(PDu
+.TP
+.IR S \(-> C
+.B OK
 .PP
-or
-.TF "Daemon->AS"
-.TP
-.IR AS -> Daemon
-\fIAuthErr\fP, 64-byte error string
-.PD
+Each message is a NUL-terminated UTF string.
+The server begins by sending a list of
+.IR proto ,
+.I authdom
+pairs it is willing to use.
+The client
+responds with its choice.
+Requiring the client to wait for the final
+.B OK
+ensures that the client will not start
+the chosen protocol until the server is ready.
 .PP
-Finally, the daemon passes the ticket to the kernel
-to set the user ID (see
-.IR cons (3)).
-.SS "Password Change"
-Any user can change the key stored for him or her on the AS.
-Once again we start by passing a ticket request to the AS.
-Only the user ID in the request is meaningful.
-The AS replies with a single ticket (or an error message)
-encrypted in the user's personal key.
-The user encrypts both the old and new keys with the
-\fIKn\fP from the returned ticket and sends that back to the AS.
-The AS checks the reply for validity and replies with an
-\fIAuthOK\fP byte or an error message.
-.TF "UserProc->AS"
-.TP
-.IR UserProc -> AS
-\fIAuthPass\fP, xxx, xxx, xxx, xxx, \fIUIDc\fP
-.TP
-.IR AS -> UserProc
-\fIAuthOK\fP, \fIKc\fP{ \fIAuthTp\fR, xxx, xxx, xxx, \fIKn\fP }
-.TP
-.IR UserProc -> AS
-\fIKn\fP{ \fIAuthPass\fP, "old password", "new password" }
-.TP
-.IR AS -> UserProc
-\fIAuthOK\fP
-.PD
+The above is version 2 of the protocol.
+Version 1,
+no longer used,
+omitted the first message's
+.B v.2
+prefix
+and the 
+.B OK
+message.
 .PP
+The
+.I p9any
+protocol is the protocol used by all
+Plan 9 services.
+The file server runs it over special
+authentication files
+(see
+.IR fauth (2)
+and
+.IR attach (5)).
+Other services, such as
+.IR cpu (1)
+and
+.IR exportfs (4),
+run
+.I p9any
+over the network and then 
+use
+.I Kn
+to derive an
+.IR ssl (3)
+key to encrypt the rest of their communications.
+.SS "Password Change
+Users connect directly to the AS
+to change their passwords.
+The protocol is:
+.TP
+.IR C \(-> A
+.IR AuthPass ,
+.IR IDc ,
+.IR DN ,
+.IR CHc ,
+.IR IDc ,
+.IR IDc
+.br
+The client sends a password change ticket request.
+.TP
+.IR A \(-> C
+.IR Kc { AuthTp ,
+.IR CHc ,
+.IR IDc ,
+.IR IDc ,
+.IR Kn }
+.br
+The server responds with a ticket containing the key
+.I Kn
+encrypted with the client's key
+.IR Kc
+.TP
+.IR C \(-> A
+.IR Kn { AuthPass ,
+.IR old ,
+.IR new ,
+.IR changesecret ,
+.IR secret }
+.br
+The client decrypts the ticket using the old password
+and then sends back an encrypted password request
+.RB ( Passwordreq
+structure)
+containing the old password and the new password.
+If
+.I changesecret
+is set, the AS also changes
+the user's 
+.IR secret ,
+the password used for non-Plan 9 authentications.
+.TP
+.IR A \(-> C
+.I AuthOK
 or
-.TF "UserProc->AS"
-.TP
-.IR AS -> UserProc
-\fIAuthErr\fP, 64-byte error string
-.PD
-.PP
-.SS "Data Base"
+.IR AuthErr ,
+64-byte error message
+.br
+The AS responds with simply
+.I AuthOK
+or with
+.I AuthErr
+followed by a 64-byte error message.
+.SS "Authentication Database
 An
 .IR ndb (2)
-database file exists for the authentication server.
+database file 
+.B /lib/ndb/auth
+exists for the AS.
 This database maintains ``speaks for'' relationships, i.e.,
 it lists which users may speak for other users when
 authtenticating.
@@ -360,43 +439,274 @@ may speak for any user except
 .B sys
 and
 .BR adm .
-This property is used heavily on cpu servers.
+This property is used heavily on CPU servers.
+.SS "Foreign Protocols
+The AS accepts ticket request
+messages of types other than
+.I AuthTreq
+to allow users to
+authenticate using non-Plan 9 protocols.
+In these situations, the server communicates
+directly with the AS.
+Some protocols must begin without knowing the
+client's name.  They ignore the client name in the
+ticket request.
+All the protocols end
+with the AS sending
+an
+.I AuthOK
+message containing a server ticket and authenticator.
 .PP
-The
-.I ndb
-database is also used when talking to Lucent Radius
-servers to check SecureID authentications.  The database
-file provides the Radius server's secret key and
-to mappings from local uid's to those known by the server.
-The attribute type
-.B radius
-identifies the Radius server.
-The attribute
-.B secret
-provides the hash key used in talking to the
-server.
-The attributes
-.B uid
-and 
-.B rid
-profile the local and remote user id's when verifying
-a SecureID login.
-For example:
+.I AuthOK
+messages
+always have a fixed but context-dependent size.
+The occasional variable-length OK message starts with a
+.I AuthOKvar
+byte and a five-byte space-padded decimal length of the
+data that follows.
+.PP
+Anywhere an
+.I AuthOK
+message is expected, a
+.I AuthErr
+message may be substituted.
+.de Ok
+.sp -\n(PDu
+.TP
+.IR A \(-> S
+.IR AuthOK ,
+.IR Ks { \\$1 ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR IDs ,
+.IR IDc ,
+.IR Kn },
+.IR Kn { AuthTs ,
+.IR CHs }
+..
 .PP
+.TP
+.IR S \(-> A
+.IR AuthChal ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR IDs ,
+.IR IDc
+.sp -\n(PDu
+.TP
+.IR A \(-> S
+.IR AuthOK ,
+.IR challenge
+.sp -\n(PDu
+.TP
+.IR S \(-> A
+.IR response
+.Ok AuthChal
+.IP
+This protocol allows the use of 
+handheld authenticators such as SecureNet
+keys and SecureID tokens
+in programs such as
+.IR ssh (1)
+and
+.I ftpd
+(see
+.IR ipserv (8)).
+.IP
+.I Challenge
+and
+.I response 
+are text strings,
+.SM NUL -padded
+to 16 bytes
+.RB ( NETCHLEN ).
+The
+.I challenge
+is a random five-digit decimal number.
+When using a SecureNet key or
+.IR netkey (1),
+the 
+.I response
+is an eight-digit decimal or hexadecimal number
+that is an encryption of the challenge
+using the user's DES key.
+.IP
+When using a SecureID token,
+the challenge is ignored.
+The response is the user's PIN followed by
+the six-digit number currently displayed
+on the token.
+In this case, the AS
+queries an external RADIUS server
+to check the response.
+Use of a RADIUS server requires an entry in
+the authentication database.  For example:
+.IP
 .EX
-radius=lra-radius secret=xyzzy
-	uid=bob		rid=roberttheworkstation
+    radius=server-name secret=xyzzy
+        uid=howard rid=trickey
+        uid=sape   rid=smullender
 .EE
-.PP
-says that when verifying SecureID's on server
-.BR lra-radius ,
-use the hash key
-.BR xyzzy .
-Local user
-.B bob
-is known as
-.B roberttheworkstation
-on the radius server.
+.IP
+In this example, the secret
+.B xyzzy
+is the hash key used in talking to the RADIUS server.
+The
+.BR uid / rid
+lines map from Plan 9 user ids to RADIUS ids.
+Users not listed are assumed to have the
+same id in both places.
+.TP
+.IR S \(-> A
+AuthApop ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR \- ,
+.IR \-
+.sp -\n(PDu
+.TP
+.IR A \(-> S
+.IR AuthOKvar ,
+.IR challenge
+.sp -\n(PDu
+.TP
+.IR S \(-> A 
+AuthApop ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR IDc ,
+.IR IDc ;
+hexadecimal MD5 checksum
+.Ok AuthApop
+.IP
+This protocol implements APOP authentication
+(see
+.IR pop3 (8)).
+After receiving a ticket request of type
+.IR AuthApop ,
+the AS generates a random challenge
+of the form
+.BI < random @ domain >\fR.
+The client then replies with a new ticket request
+giving the user name
+followed by the MD5 checksum of
+the challenge concatenated with the user's secret.
+If the response is correct, the authentication
+server sends back a ticket
+and authenticator.
+If the response is incorrect, the client may repeat the
+ticket request/MD5 checksum message to try again.
+.IP
+The 
+.I AuthCram
+protocol runs identically to the
+.I AuthApop
+protocol, except that the expected MD5 checksum
+is the keyed MD5 hash using the user's secret as the key
+(see
+.I hmac_md5
+in
+.IR sechash (2)).
+.TP
+.IR S \(-> A
+.IR AuthChap ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR \- ,
+.IR \-
+.sp -\n(PDu
+.TP
+.IR A \(-> S
+.I challenge
+.sp -\n(PDu
+.TP
+.IR S \(-> A
+.IR pktid ,
+.IR IDc ,
+.IR response
+.Ok AuthChap
+.IP
+This protocol implements CHAP authentication
+(see
+.IR ppp (8)).
+The
+.I challenge
+is eight random bytes.
+The response is a 16-byte MD5 checksum
+over the packet id, user's secret, and challenge.
+The reply packet is defined as 
+.B OChapreply
+in
+.BR <authsrv.h> .
+.TP
+.IR S \(-> A
+.IR AuthMSchap ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR \- ,
+.IR \-
+.sp -\n(PDu
+.TP
+.IR A \(-> S
+.I challenge
+.sp -\n(PDu
+.TP
+.IR S \(-> A
+.IR IDc ,
+.IR lm-response ,
+.IR nt-response
+.Ok AuthMschap
+.IP
+This protocol implements Microsoft's MS-CHAP
+authentication
+(see
+.IR ppp (8)).
+The
+.I challenge
+is eight random bytes.
+The two responses are Microsofts LM and NT hashes.
+Only the NT hash may be used to authenticate,
+as the LM hash is considered too weak.
+The reply packet is defined as
+.B OMSchapreply
+in
+.BR <authsrv.h> .
+.TP
+.IR S \(-> A
+.IR AuthVNC ,
+.IR IDs ,
+.IR DN ,
+.IR CHs ,
+.IR IDs ,
+.IR IDc
+.sp -\n(PDu
+.TP
+.IR A \(-> S
+.IR AuthOKvar ,
+.I challenge
+.sp -\n(PDu
+.TP
+.IR S \(-> A
+.I response
+.Ok
+.IP
+This protocol implements VNC authentication
+(see
+.I vncs
+in
+.IR vnc (1)).
+The challenge is 16 random bytes, and the response
+is a DES ECB encryption of the challenge.
+The method by which VNC converts the user's
+secret into a DES key is weak, 
+considering only the first eight bytes of the secret.
+.PD
 .SH FILES
 .TF /lib/ndb/auth.*xxx
 .TP

sys/man/8/nfsserver

@@ -131,7 +131,7 @@ aux/pcnfsd
 aux/portmapper
 .EE
 .PP
-Assuming the cpu server's name is
+Assuming the CPU server's name is
 .BR eduardo ,
 the mount commands on the client would be:
 .PP