The Fourth Edition of Plan 9 includes a substantially reworked security architecture, described in the USENIX Security 2002 conference paper (html, ps, pdf) by Russ Cox, Eric Grosse, Rob Pike, Dave Presotto, and Sean Quinlan.

One particular aspect that other operating systems may wish to adopt is our single-signon solution. A process called factotum is used to hold credentials like passwords and public/private keypairs and perform cryptographic operations. Factotum allows clients to speak a variety of cryptographic protocols and therefore legacy application servers can participate in our single-signon system without change and without even knowing it exists.

The factotum has no direct permanent storage, but rather fetches credentials at startup from a secstore server on the network. To authenticate safely with the secstore, Password Authenticated Key-exchange is used; this implies that the user just has to remember and type one password and passive eavsdroppers or even active malicious intermediaries can not launch even a dictionary attack against the system. The credentials are encrypted for storage on secstore, so even an administrator there would have difficulty reading them.

To see the code for all this, download the Plan 9 distribution and look in /sys/src/cmd/auth, particularly subdirectories factotum and secstore. The libraries /sys/src/libmp and /sys/src/libsec may also interest you.

Copies ported to Linux and other Unix systems are available in Plan 9 from User Space.

Queries to webmaster@plan9.bell-labs.com.