From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <14ec7b180612280906oc502934ha8c2736cf9dfd51a@mail.gmail.com>
Date: Thu, 28 Dec 2006 18:06:06 +0100
From: "andrey mirtchovski"
To: "=?ISO-8859-1?Q?Alberto_Cort=E9s?=" , "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: Re: [9fans] login problems
In-Reply-To: <20061228163947.GA3269@it.uc3m.es>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <7d3530220608121332m44545515jacb8c739146cdbe@mail.gmail.com>
 <20061228144016.GA5315@it.uc3m.es>
 <82c890d00612280656k5be75dddld7eb15f1995352f8@mail.gmail.com>
 <20061228152130.GA901@it.uc3m.es>
 <82c890d00612280738g7034d94fg3ab6c105f39148ad@mail.gmail.com>
 <20061228155110.GA23774@it.uc3m.es>
 <14ec7b180612280801u1ed55d12v58be6e860cbd0611@mail.gmail.com>
 <20061228163947.GA3269@it.uc3m.es>
Cc:
Topicbox-Message-UUID: fb470ac4-ead1-11e9-9d60-3106f5b1d025

>
> After invoking "kill keyfs | rc ; auth/keyfs" I can see the users
> directories under /mnt/keys. But I still can not cpu with the
> login name of other users:
>
> cpu: can't authenticate: grunt: auth_proxy rpc write: (black
> square)bootes: connection timed out
>

the way an auth server works is by linking together several programs: keyfs, authsrv and listen. keyfs decrypts the users' passwords (keys) and serves them as a plan9 file system, listen accepts connections on the auth port (tcp 567) and starts authsrv to verify passwords against keys in keyfs. when you kill keyfs it disappears from the namespace in which listen was started and consequently authsrv can't read the keys, hence the requirement to reboot the machine (therefore rebuilding the right namespace). having written this just now, i think you may be starting keyfs after you start aux/listen in cpurc. you may want to look for that.

now, to verify that keyfs thinks it has the same passwords as the ones you've given to the users you will have to navigate the directories it serves. you'll find the password in plaintext there. having the password in plaintext is one of the reasons /mnt/keys should be empty when you cpu to a machine. to ensure that auth/changeuser sets the password correctly you need to verify that /mnt/keys is populated before you run auth/changeuser. one way to do it is the aforementioned killing/restarting of keyfs, which is what i use to add new users to machines where i have no physical access handy.
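
Added example, not part of the original message: a small checker for the start-order problem the reply suspects, reporting whether a cpurc starts aux/listen before auth/keyfs. The sample cpurc text is constructed, the function names are hypothetical, and the check assumes both programs are invoked directly in the file under those names (it does not follow scripts that cpurc calls).

```python
import re

# Constructed sample of an auth server's cpurc (not taken from the thread).
SAMPLE_CPURC = """\
#!/bin/rc
# auth/keyfs -wp -m /mnt/keys /adm/keys
aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service tcp
auth/keyfs -wp -m /mnt/keys /adm/keys >/dev/null >[2=1]
"""

def first_invocation(lines, command):
    """1-based line number of the first uncommented use of command, else None."""
    word = re.compile(r'(^|[\s;&|{(])' + re.escape(command) + r'(\s|$)')
    for number, line in enumerate(lines, start=1):
        # Drop rc comments: '#' at the start of a word, so $#var is kept.
        code = re.sub(r'(^|\s)#.*', '', line)
        if word.search(code):
            return number
    return None

def check_start_order(cpurc_text):
    """Return (verdict, keyfs_line, listen_line) for one cpurc."""
    lines = cpurc_text.splitlines()
    keyfs = first_invocation(lines, 'auth/keyfs')
    listen = first_invocation(lines, 'aux/listen')
    if keyfs is None:
        verdict = 'keyfs-not-started'
    elif listen is not None and listen < keyfs:
        # Per the message above: listen's namespace predates the keyfs mount,
        # so authsrv started by listen cannot read the keys.
        verdict = 'listen-before-keyfs'
    else:
        verdict = 'ok'
    return verdict, keyfs, listen

if __name__ == '__main__':
    print(check_start_order(SAMPLE_CPURC))
```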