9fans - fans of the OS Plan 9 from Bell Labs
From: "andrey mirtchovski" <mirtchovski@gmail.com>
To: "Alberto Cortés" <alcortes@it.uc3m.es>,
	"Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] login problems
Date: Thu, 28 Dec 2006 18:06:06 +0100
Message-ID: <14ec7b180612280906oc502934ha8c2736cf9dfd51a@mail.gmail.com>
In-Reply-To: <20061228163947.GA3269@it.uc3m.es>

>
> After invoking "kill keyfs | rc ; auth/keyfs" I can see the users
> directories under /mnt/keys. But I still can not cpu with the
> login name of other users:
>
>     cpu: can't authenticate: grunt: auth_proxy rpc write: (black
>     square)bootes: connection timed out
>

the way an auth server works is by linking together several programs:
keyfs, authsrv and listen. keyfs decrypts the users' passwords (keys)
and serves them as a plan9 file system, listen accepts connections on
the auth port (tcp 567) and starts authsrv to verify passwords against
keys in keyfs.

when you kill keyfs it disappears from the namespace in which listen
was started and consequently authsrv can't read the keys, hence the
requirement to reboot the machine (therefore rebuilding the right
namespace).

having written this just now, i think you may be starting keyfs after
you start aux/listen in cpurc. you may want to look for that.

now, to verify that keyfs thinks it has the same passwords as the ones
you've given to the users you will have to navigate the directories it
serves. you'll find the password in plaintext there. having the
password in plaintext is one of the reasons /mnt/keys should be empty
when you cpu to a machine.

to ensure that auth/changeuser sets the password correctly you need to
verify that /mnt/keys is populated before you run auth/changeuser. one
way to do it is the aforementioned killing/restarting of keyfs, which
is what i use to add new users to machines where i have no physical
access handy.
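
One way to check the ordering suggested in the message above, as an added example that is not part of the original message: a Python script that scans a copy of cpurc and reports whether auth/keyfs is started before aux/listen. The function names and the sample cpurc texts are constructed for illustration; only the two command names come from the message.

```python
import re

# Command names taken from the message; matched as whole command words.
KEYFS = re.compile(r"(^|[\s;&|{(])auth/keyfs(\s|$|[;&|)}])")
LISTEN = re.compile(r"(^|[\s;&|{(])aux/listen(\s|$|[;&|)}])")

# Constructed sample cpurc fragments (not taken from a real system).
GOOD = "auth/keyfs\naux/listen tcp\n"
BAD = "aux/listen tcp\nauth/keyfs\n"
COMMENTED = "#auth/keyfs\naux/listen tcp\n"


def strip_comment(line):
    """Drop an rc comment: '#' starts one unless inside single quotes."""
    out, quoted = [], False
    for ch in line:
        if ch == "'":
            quoted = not quoted
        elif ch == "#" and not quoted:
            break
        out.append(ch)
    return "".join(out)


def first_start(text, pattern):
    """(line, column) of the first uncommented match, or None."""
    for n, line in enumerate(text.splitlines(), 1):
        m = pattern.search(strip_comment(line))
        if m:
            return (n, m.start())
    return None


def check_order(cpurc_text):
    """Classify the start order of keyfs and listen in a cpurc text."""
    keyfs = first_start(cpurc_text, KEYFS)
    listen = first_start(cpurc_text, LISTEN)
    if keyfs is None:
        return "keyfs-not-started"
    if listen is None:
        return "listen-not-started"
    # listen must inherit a namespace in which keyfs is already mounted
    return "ok" if keyfs < listen else "keyfs-after-listen"


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD), ("COMMENTED", COMMENTED)):
        print(name, check_order(text))
```

The check only looks at the text it is given; commands started from scripts that cpurc calls are not followed.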

