[9fans] auth/changeuser problems

[9fans] auth/changeuser problems

[John Floren]

I've got a cpu/auth/file server set up here, but when I try to run
auth/keyfs through drawterm, I get the following error message:
readnvram: couldn't find nvram
can't read /dev/key, please enter machine key
Password:

What might be the problem here? It *looks* like the nvram partition
may have gotten messed up; should I try going to the console and
resetting the partition?


John Floren
-- 
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn

Re: [9fans] auth/changeuser problems

[erik quanstrom]

On Sun Feb 25 16:17:24 EST 2007, slawmaster@gmail.com wrote:
> I've got a cpu/auth/file server set up here, but when I try to run
> auth/keyfs through drawterm, I get the following error message:
> readnvram: couldn't find nvram
> can't read /dev/key, please enter machine key
> Password:
> 
> What might be the problem here? It *looks* like the nvram partition
> may have gotten messed up; should I try going to the console and
> resetting the partition?

here are two quick guesses.  i'd imagine that #1 is it.

1.  the cpu/auth/fileserver should be running keyfs from cpurc.
likely you are not the hostowner when drawtermed in and thus
don't have permissions to /dev/sd??/nvram.

2. you don't have an 1-block "nvram" partition in your plan 9 partition table.

- erik

Re: [9fans] auth/changeuser problems

[John Floren]

On 2/25/07, erik quanstrom <quanstro@coraid.com> wrote:
> On Sun Feb 25 16:17:24 EST 2007, slawmaster@gmail.com wrote:
> > I've got a cpu/auth/file server set up here, but when I try to run
> > auth/keyfs through drawterm, I get the following error message:
> > readnvram: couldn't find nvram
> > can't read /dev/key, please enter machine key
> > Password:
> >
> > What might be the problem here? It *looks* like the nvram partition
> > may have gotten messed up; should I try going to the console and
> > resetting the partition?
>
> here are two quick guesses.  i'd imagine that #1 is it.
>
> 1.  the cpu/auth/fileserver should be running keyfs from cpurc.
> likely you are not the hostowner when drawtermed in and thus
> don't have permissions to /dev/sd??/nvram.
>
> 2. you don't have an 1-block "nvram" partition in your plan 9 partition table.
>
> - erik
>

Well, I know for a fact that I have an nvram partition--I can see it
in /dev/sdC0, and if I 'cat' it there /is/ some data.

As for keyfs not running, ps | grep keyfs gives me this:
bootes           66    0:00   0:00      100K Pread    keyfs
bootes          235    0:00   0:00      100K Pread    keyfs
The low PID on the first keyfs makes me think it was launched by
cpurc, which does in fact contain a line to start keyfs. I've also
restarted the machine remotely using the 'echo reboot /386/9pccpuf >
/dev/reboot' trick and the problem persists.

The reason I'm trying to run auth/keyfs as a normal user is so I can
run auth/changeuser to change my password. What's the deal with
"passwd", anyway? Although that's the obvious choice for changing my
password, when I try to run it I get the message "passwd: protocol
botch: cs: can't translate service".


John
-- 
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn

Re: [9fans] auth/changeuser problems

[erik quanstrom]

when the maual page says this

     DESCRIPTION
          These administrative commands run only on the authentication
          server.

i think you should read "on the console of the authentication server".
one problem i've sometimes noticed with changeuser is it can duplicate
lines in /auth/keys.who

- erik
> Well, I know for a fact that I have an nvram partition--I can see it
> in /dev/sdC0, and if I 'cat' it there /is/ some data.
> 
> As for keyfs not running, ps | grep keyfs gives me this:
> bootes           66    0:00   0:00      100K Pread    keyfs
> bootes          235    0:00   0:00      100K Pread    keyfs
> The low PID on the first keyfs makes me think it was launched by
> cpurc, which does in fact contain a line to start keyfs. I've also
> restarted the machine remotely using the 'echo reboot /386/9pccpuf >
> /dev/reboot' trick and the problem persists.
> 
> The reason I'm trying to run auth/keyfs as a normal user is so I can
> run auth/changeuser to change my password. What's the deal with
> "passwd", anyway? Although that's the obvious choice for changing my
> password, when I try to run it I get the message "passwd: protocol
> botch: cs: can't translate service".

perhaps you don't have an authserver set in /lib/ndb/local?

- erik

Re: [9fans] auth/changeuser problems

[Steve Simon]

To change your password just run passwd, auth/changeuser is an adminstrative
command to change somone elses password rather than your own. It is normally
run from the auth server's console.

The error "cs: cannot translate service" is more telling, I think your
lib/ndb/local doesn't have enough info, to tell ndb/cs how to find your
auth server.

You can check by typing:

	ndb/ipquery sys $sysname auth

If you run auth/debug you can check this and some other bits and pieces.

-Steve

Re: [9fans] auth/changeuser problems

[john]

[-- Attachment #1: Type: text/plain, Size: 527 bytes --]

I'm sending this from my machine. The output of ndb/ipquery sys csplan9 auth is
auth=csplan9.rit.edu

Running auth/debug gives me the following:
p9sk1 key: proto=p9sk1 user=bootes dom=rit.edu !hex? !password?
	successfully dialed auth server
	password for bootes@rit.edu [hit enter to skip test]: 
	ticket request using bootes@rit.edu key succeeded
	cpu server owner for domain rit.edu [bootes]: 
	password for bootes@rit.edu [hit enter to skip test]: 
	ticket request using bootes@rit.edu key succeeded



John

[-- Attachment #2: Type: message/rfc822, Size: 3109 bytes --]

From: "Steve Simon" <steve@quintile.net>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] auth/changeuser problems
Date: Mon, 26 Feb 2007 01:02:11 +0000
Message-ID: <aa8a6b8ba16f87f99b0210d744dcc1da@quintile.net>

To change your password just run passwd, auth/changeuser is an adminstrative
command to change somone elses password rather than your own. It is normally
run from the auth server's console.

The error "cs: cannot translate service" is more telling, I think your
lib/ndb/local doesn't have enough info, to tell ndb/cs how to find your
auth server.

You can check by typing:

	ndb/ipquery sys $sysname auth

If you run auth/debug you can check this and some other bits and pieces.

-Steve

Re: [9fans] auth/changeuser problems

[john]

I'm not completely sure what the problem was, but everything seems
to be working properly now. I have a few guesses as to what was
causing my annoyance:
1. The nvram partition was apparently wrong in some fashion.
     Upon rebooting, I was prompted for new nvram values
2. My /lib/ndb/local file was wrong in at least one way--the
    system's IP address apparently was changed at some point,
    probably when it was relocated.
Let's hope it'll be smooth sailing from here! I think the system is
almost ready to open to students.



John Floren