From mboxrd@z Thu Jan 1 00:00:00 1970 Mime-Version: 1.0 (Apple Message framework v753.1) In-Reply-To: <20080726161318.7D3461E8C1C@holo.morphisms.net> References: <20080726161318.7D3461E8C1C@holo.morphisms.net> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <0A2908D4-84FC-4C4F-B12D-87D4573A82D4@gmail.com> Content-Transfer-Encoding: 7bit From: Gregory Pavelcak Date: Sat, 26 Jul 2008 14:28:17 -0400 To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net> Subject: Re: [9fans] CPU Server Wiki, auth/keyfs, and password for the machine. Topicbox-Message-UUID: f1c1cde8-ead3-11e9-9d60-3106f5b1d025 Thanks Russ for the typically thoughtful and informative reply. You are perhaps the most valuable resource on any mailing list anywhere. There ought to be an award or something. The reason I ask is that I missed that step the first time I tried to set up the CPU/Auth server, but I've since gone through it all again carefully more than once, and I stll get "connection rejected" with my Ken's file server. (Yes I know fossil/venti is the current standard, but what can I say, I'm, perhaps irrationally, or at least non-rationally, attached to the old file server.) The problem is, other than going through the Wiki and 9fans archives, which I've done, I don't have any notion of how to find out where I went wrong. I successfully set this up in the past. I did remember to add IL back to pccpuf, and, as I said, I followed the Wiki. I'm at a loss. Any pointers appreciated. Greg On Jul 26, 2008, at 12:15 PM, Russ Cox wrote: >> In the Wiki on configuring a standalone cpu server, there is a >> part that >> says to run auth/keyfs to provide a password for the machine. >> Assuming >> a fresh install, this is done while logged in as glenda. >> >> Is this really necessary? Is it different from zeroing the nvram and >> then entering authid, password, etc.? > > Yes, and yes. > > Auth/keyfs is the authentication database. > It holds key info for every user in the > authentication domain it serves, including > whatever user the cpu server itself runs as. > > Filling out the nvram sets the info that gets > used to initialize the cpu server's factotum. > Like any other factotum, it needs to have a key > that matches the one in authentication database. > > Auth/keyfs could plausibly preinitialize the > entry for the host owner using the nvram key, > and that would be fine most of the time, but > not always. (It is possible to boot in one auth > domain but load an auth/keyfs and be an auth > server for a second domain. This is why, for > example, users with accounts on the auth > server sources.cs.bell-labs.com can mount > its fossil but not cpu to the machine.) > > Russ > >