From: davide+p9@cs.cmu.edu
To: David Presotto <presotto@closedmind.org>
Cc: 9fans@cse.psu.edu
Subject: Re: [9fans] Authentication debugging help?
Date: Tue, 20 Jan 2004 14:26:41 -0500 [thread overview]
Message-ID: <10048.1074626801@piper.nectar.cs.cmu.edu> (raw)
In-Reply-To: <797f65da44cdbd78a92e7fd405e73b49@plan9.bell-labs.com>
> Host id is the id of the 'owner' or the host, i.e., the
> name used when you booted the system.
I'm not yet certain I understand *exactly* what that
tuple in /lib/ndb/auth means... is it:
1. "Anybody on any host who can prove to the auth
server on the auth host that he's bootes is allowed
to become anybody (except for adm and sys, if I recall)
on any host which trusts that auth host"
or
2. "Anybody on *any* host who can prove to the kernel
on that host that he's bootes is allowed to become
anybody (!adm, !sys) on that host"
or something else?
> 'netstat -n' should show something listening on tcp ports: [...]
> 'ps' should show a keyfs process running.
> [...]
Excellent, I will check these this evening when I'm home.
> What is serving DHCP for this network?
A LinkSys BEFSR41 NAT box. The auth/fossil server manually
ipconfig's an address outside the range managed by the LinkSys.
I set bootargs (or is it bootfile?) to "il -d" if I recall,
so the client should be assigned an IP address by the LinkSys.
> The newly booted system will first do a DHCP request to find out
> it's address, the address of the dns servers, the address of auth
> server, and the address of the file server. If it fails to get
> any of these, it will prompt for them on the console. Is it
> getting that far?
I used fs= and auth= in PLAN9.ini to point to the IP address
of the auth/fossil server. So I think it's probably getting
further than that.
Is there a tcpdump/ethereal equivalent I should run on the
server while the client is booting?
Another thing I noticed, which I can't describe exactly
since I left my notes at home, is that "somewhere in
/sys/log" there was a complaint about somebody (maybe
fossil?) not being able to get a role=server dome=? key,
though when I cat'd /mnt/factotum/ctl I see a key (the only
one) which looks to my eyes to match--it doesn't say
role=server but it doesn't say role=anything.
Also, among the various things I've tried, I think I've
seen kernel panics with both "connection refused" and
"connection rejected"--what is the difference between
those?
Dave Eckhardt
next parent reply other threads:[~2004-01-20 19:26 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <797f65da44cdbd78a92e7fd405e73b49@plan9.bell-labs.com>
2004-01-20 19:26 ` davide+p9 [this message]
2004-01-21 1:44 ` David Presotto
2004-01-21 1:49 ` David Presotto
2004-01-22 20:59 davide+p9
2004-01-22 21:05 ` David Presotto
2004-01-29 16:56 ` davide+p9
-- strict thread matches above, loose matches on Subject: below --
2004-01-20 19:09 David Presotto
2004-01-20 18:40 David Eckhardt
2004-01-21 8:32 ` Fco.J.Ballesteros
2004-01-21 23:56 ` matt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10048.1074626801@piper.nectar.cs.cmu.edu \
--to=davide+p9@cs.cmu.edu \
--cc=9fans@cse.psu.edu \
--cc=presotto@closedmind.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).