Plan 9 from Bell Labs. When a programme wants to authenticate to a service, it requests a key from factotum. If factotum does not have the key, it requests it from the users either via the terminal window or auth/fgui which is then stored in volatile memory. factotum then authenticates to the service on behalf of the programme.