From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sat, 2 Sep 1995 16:59:30 -0400
From: Pace Willisson pace@blitz.com
Subject: authentication server for unix
Topicbox-Message-UUID: 1f3758e4-eac8-11e9-9e20-41e7f4b1d025
Message-ID: <19950902205930.qtb7DIcLL7Z24gc1SrAKKK7P4X1eGv9izPZhgVNHUBw@z>

I've got a plan 9 authentication server running on a stock BSDI unix system. The basic idea is that I wrote a SOCK_RAW based IL driver, and then imported the main parts of the plan 9 auth.srv program.

You probably don't need this unless you have at least 3 computers: a unix system that you have to keep running even when playing with plan 9, plus 2 other computers to run a plan 9 file server and a plan 9 terminal.

Here is the README file - follow the instructions if you'd like to receive a copy of the whole program.

Pace Willisson
pace@blitz.com

This is a (fairly) quick hack to make a plan 9 authentication server that can run under unix. Using it, you can set up a reasonably complete plan 9 system with 2 dedicated ibm pc's - otherwise, you need 3 - a file server, a cpu/authentication server, and a terminal server.

You can eliminate the need for the plan 9 file server by running u9fs on a unix machine, but that really slows things down (on my pentium, sam compiles in 14 seconds with a plan 9 file server, but 44 seconds using u9fs).

Once you have a plan 9 file server, you really need an authentication server, otherwise, every time you boot the file server, you have to catch it in the middle and type "allow" (and thus give up all permission checking).

In the usual plan 9 systems, the authentication server runs on a cpu server. I looked for ways to get it to run on a terminal, but it didn't seem like that would really work out (mainly due to the fake nvram handling). Perhaps Vadim's suggestions for merging the terminal and cpu server functions could help, but since plan 9 is so new to me, I can't evaluate them.
Except for running the authentication server, the cpu server is not needed if your terminal is fast.

So, I adopted the goal of moving the authentication server to a unix box that is always up. Then, I can use 2 ibm pc's to run the plan 9 file server, and a plan 9 terminal, and that should be a reasonable platform to give plan 9 a fair evaluation.

So, now I've gotten this program to the point that it works, but it isn't all that pretty, and I doubt I'll spend much time cleaning it up. But, perhaps it will be useful for others on the net. If you'd like to help improve it, please get in touch.

If you would like to receive a copy of this program, please send email to stating that:

    you are a plan 9 licensee
    you are a United States citizen
    your email is delivered in the United States

I'll send a uuencoded, gzipped tar file by return email.

To international users, I apologize for the silly US export rules, but I don't know what else I can do.

Here is some minimal documentation:

The package contains three programs: auth.srv, setkey and netkey.

auth.srv contains an IL protocol driver which communicates with the world via a SOCK_RAW socket, plus a plan 9 authentication server. It listens for requests on IL port 566, and generates responses based on the key file "/etc/auth.keys".

setkey sets the key for a given account.

netkey is a straightforward port of the program by the same name in plan 9. It is used for answering telnet challenges.

INSTALLATION:

I did this work on BSDI BSD/386 1.1 and BSD/OS 2.0.1. It ought to work on any system with sockets, but it will probably need some minor tweaking. Also, it assumes that getpass(3) can return long passwords. I think that older systems have a limit of 8 bytes, but plan 9 requires a minimum of 8 bytes.

The configuration options:

    ilgate.c: LOGFILE
    auth.h:   KEYFILE and NEW_KEYFILE
    Makefile: installation directory

Type "make" then "make install" as root.

Since the program must use a raw socket, it has to be run as root.
A useful improvement would be to have the program relinquish its root privileges after it has its files opened.

Run "setkey" as root to create a key for yourself, and for the "authid" mentioned in section 4 of the paper "Installing the Plan 9 Distribution".

For the first try, run "auth.srv -d". Then, on plan 9, edit /lib/ndb/local and set "auth=XXX" to point at your unix machine. Do something that needs authentication (e.g. boot the terminal and login with a name other than none), and see if it works.

Eventually, you'll want to put "auth.srv -b" in /etc/rc. "-b" means background, and causes logfile output to go to /var/log/auth.srv.
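
The improvement the README suggests (open the raw socket and the key file as root, then relinquish root) could look like the sketch below. This is an added example, not code from the auth.srv package; the uid/gid 65534 ("nobody"), the drop_root() helper and its return codes are assumptions made for illustration, and 40 is the IANA protocol number for IL.

```c
#define _DEFAULT_SOURCE             /* exposes setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define IL_PROTO 40                 /* IANA IP protocol number for IL */
#define KEYFILE  "/etc/auth.keys"   /* key file path from the README */
#define RUN_UID  65534              /* assumption: unprivileged "nobody" uid */
#define RUN_GID  65534              /* assumption: matching gid */

enum { DROP_FAILED = -1, DROP_OK = 0, DROP_NOT_ROOT = 1 };

/* Permanently give up root. Supplementary groups and gid must be changed
 * while still root, so setuid() comes last; every call is checked. */
int drop_root(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return DROP_NOT_ROOT;       /* already unprivileged */
    if (uid == 0 || gid == 0)
        return DROP_FAILED;         /* refuse to "drop" to root */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return DROP_FAILED;
    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return DROP_FAILED;
    if (setuid(0) == 0)
        return DROP_FAILED;         /* root could be regained */
    return DROP_OK;
}

int main(void)
{
    /* Both resources need root, so open them before dropping. */
    int sock = socket(AF_INET, SOCK_RAW, IL_PROTO);
    FILE *keys = fopen(KEYFILE, "r");
    if (sock < 0 || keys == NULL) {
        perror("open raw socket / key file");
        return 1;
    }
    if (drop_root(RUN_UID, RUN_GID) != DROP_OK) {
        fprintf(stderr, "cannot drop root, refusing to serve\n");
        return 1;
    }
    /* From here the server would answer IL requests using sock and keys. */
    return 0;
}
```

A program like setkey that rewrites the key file would still need write access to it, so the key file's ownership would have to match the account chosen here.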