* Re: [9fans] Drawterm vs Autentication Server
@ 2001-04-24 12:32 presotto
2001-04-24 13:54 ` [9fans] Drawterm vs Authentication Server Alexander Povolotsky
0 siblings, 1 reply; 8+ messages in thread
From: presotto @ 2001-04-24 12:32 UTC (permalink / raw)
To: 9fans
There's nothing special about the auth server except for who knows
that its the auth server. You can always start auth/keyfs and run
aux/listen -t /rc/bin/service.auth on any machine and transform it
into an auth server.
If you want no authentication, you can change both cpu and drawterm. If
you look closely at the cpu command, you'll see that it negotiates
authentication mechanism. If you change cpu.c and drawterm.c to allow
a null authentication mechanism, you'll have what you want. Look at
authmethod in both programs.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Drawterm vs Authentication Server
2001-04-24 12:32 [9fans] Drawterm vs Autentication Server presotto
@ 2001-04-24 13:54 ` Alexander Povolotsky
2001-04-24 16:49 ` Jonathan Sergent
0 siblings, 1 reply; 8+ messages in thread
From: Alexander Povolotsky @ 2001-04-24 13:54 UTC (permalink / raw)
To: 9fans
I was under the impression (per following e-mail, I am attaching below ),
that on the
terminal Plan 9 machine, there will be a problem with running keyfs. in
regards to readable /dev/key........
-----Original Message-----
From: Russ Cox [mailto:rsc@plan9.bell-labs.com]
Sent: Wednesday, April 18, 2001 10:18 AM
To: ap80@lucent.com
Subject: RE: FW: drawterm connection failure
You need to set up an authentication server.
That's a bit more complex. You need to start
by running auth/keyfs (see the man page) and
then adding users with auth/changeuser.
To run the keyfs, though, you need to
have a readable /dev/key (normally found only
on cpu servers).
The easiest way to do this
is build a new kernel. Specifically, edit /sys/src/9/port/auth.c,
and in the keyread() function change
if(!cpuserver || !iseve())
error(Eperm);
to
if(!iseve())
error(Eperm);
and then rebuild your kernel.
Russ
<presotto@plan9.bell-labs.com> wrote in message
news:20010424123215.A0CC919AEA@mail.cse.psu.edu...
> There's nothing special about the auth server except for who knows
> that its the auth server. You can always start auth/keyfs and run
> aux/listen -t /rc/bin/service.auth on any machine and transform it
> into an auth server.
>
> If you want no authentication, you can change both cpu and drawterm. If
> you look closely at the cpu command, you'll see that it negotiates
> authentication mechanism. If you change cpu.c and drawterm.c to allow
> a null authentication mechanism, you'll have what you want. Look at
> authmethod in both programs.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Drawterm vs Authentication Server
2001-04-24 13:54 ` [9fans] Drawterm vs Authentication Server Alexander Povolotsky
@ 2001-04-24 16:49 ` Jonathan Sergent
2001-04-25 8:54 ` Alexander Povolotsky
0 siblings, 1 reply; 8+ messages in thread
From: Jonathan Sergent @ 2001-04-24 16:49 UTC (permalink / raw)
To: 9fans
> I was under the impression (per following e-mail, I am attaching below ),
> that on the
> terminal Plan 9 machine, there will be a problem with running keyfs. in
> regards to readable /dev/key........
It'll prompt you for the key at startup. I have done this. It
works just fine (cpu, drawterm, ssh, telnet, etc.).
Rebuilding the kernel is not hard, nor does it take very long.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Drawterm vs Authentication Server
2001-04-24 16:49 ` Jonathan Sergent
@ 2001-04-25 8:54 ` Alexander Povolotsky
0 siblings, 0 replies; 8+ messages in thread
From: Alexander Povolotsky @ 2001-04-25 8:54 UTC (permalink / raw)
To: 9fans
I decided to try for user "bootes" - may be I am still missing something or
doing wrong -
I am getting the following message when changing to user bootes and
providing the password
now on the "drawterm" side:
" ?AS protocol botch: file does not exist"
What is the meaning of this "cryptic" message ?
"Jonathan Sergent" <sergent@io.com> wrote in message
news:E14s5zx-00093a-00@c61066-a.frmt1.sfba.home.com...
> > I was under the impression (per following e-mail, I am attaching
below ),
> > that on the
> > terminal Plan 9 machine, there will be a problem with running keyfs. in
> > regards to readable /dev/key........
>
> It'll prompt you for the key at startup. I have done this. It
> works just fine (cpu, drawterm, ssh, telnet, etc.).
>
> Rebuilding the kernel is not hard, nor does it take very long.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Drawterm vs Autentication Server
@ 2001-04-24 10:15 forsyth
0 siblings, 0 replies; 8+ messages in thread
From: forsyth @ 2001-04-24 10:15 UTC (permalink / raw)
To: 9fans
>>If even the latter request is too hard to honor,
>>then at least I would like to ask Plan 9 code owners to provide for ability
>>to start "authentication server"
>>manually, thus allowing to fully upgrade from Plan 9 terminal to Plan 9 CPU
>>server "on the fly",
>>i.e. without reconfiguring and rebuilding the kernel.
i think you might be able to do that, by running auth/keyfs (see
keyfs(4)) and appropriate variants of aux/listen in a name space in
which you've previously run authfs(4) to provide suitably named
replacement authentication files to allow you to set your own keys.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Drawterm vs Autentication Server
2001-04-23 15:39 rsc
@ 2001-04-24 9:00 ` Alexander Povolotsky
0 siblings, 0 replies; 8+ messages in thread
From: Alexander Povolotsky @ 2001-04-24 9:00 UTC (permalink / raw)
To: 9fans
I did not mean that the enhancement I am requesting for Plan 9 owners to
implement only relates to the "drawterm" (Solaris code) side
(though implementation of the "noauth" modifier and passing it to Plan 9 cpu
server during connection belongs to that part
of the code).
Obviously the Plan 9 listener should also be modified as a part of
fulfilling my request.
>You could consider removing
> the authentication protocol from both drawterm and
> the cpu listener, but that's more work than just setting
> up a proper auth server.
If what I am asking above is too much ..., then
instead of me removing the authentication protocol in my copy of the code,
I would like to ask Plan 9 code owners to implement in the next standard
distribution.
If even the latter request is too hard to honor,
then at least I would like to ask Plan 9 code owners to provide for ability
to start "authentication server"
manually, thus allowing to fully upgrade from Plan 9 terminal to Plan 9 CPU
server "on the fly",
i.e. without reconfiguring and rebuilding the kernel.
Best Regards,
Alex Povolotsky
----------------------------------------------------------------------------
---------------------------------
<rsc@plan9.bell-labs.com> wrote in message
news:200104231539.LAA20789@smtp1.fas.harvard.edu...
> > Is it possible to consider implementation of "noauth" option for the
> > drawterm (running on Solaris )
> > to allow to connect to the Plan 9 machine without authentication ?
>
> It's not drawterm that is insisting on authentication,
> but the cpu server itself. You could consider removing
> the authentication protocol from both drawterm and
> the cpu listener, but that's more work than just setting
> up a proper auth server.
>
> Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Drawterm vs Autentication Server
@ 2001-04-23 15:39 rsc
2001-04-24 9:00 ` Alexander Povolotsky
0 siblings, 1 reply; 8+ messages in thread
From: rsc @ 2001-04-23 15:39 UTC (permalink / raw)
To: 9fans
> Is it possible to consider implementation of "noauth" option for the
> drawterm (running on Solaris )
> to allow to connect to the Plan 9 machine without authentication ?
It's not drawterm that is insisting on authentication,
but the cpu server itself. You could consider removing
the authentication protocol from both drawterm and
the cpu listener, but that's more work than just setting
up a proper auth server.
Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
* [9fans] Drawterm vs Autentication Server
@ 2001-04-23 9:54 Alexander Povolotsky
0 siblings, 0 replies; 8+ messages in thread
From: Alexander Povolotsky @ 2001-04-23 9:54 UTC (permalink / raw)
To: 9fans
Is it possible to consider implementation of "noauth" option for the
drawterm (running on Solaris )
to allow to connect to the Plan 9 machine without authentication ?
Regards,
Alex Povolotsky
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2001-04-25 8:54 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-04-24 12:32 [9fans] Drawterm vs Autentication Server presotto
2001-04-24 13:54 ` [9fans] Drawterm vs Authentication Server Alexander Povolotsky
2001-04-24 16:49 ` Jonathan Sergent
2001-04-25 8:54 ` Alexander Povolotsky
-- strict thread matches above, loose matches on Subject: below --
2001-04-24 10:15 [9fans] Drawterm vs Autentication Server forsyth
2001-04-23 15:39 rsc
2001-04-24 9:00 ` Alexander Povolotsky
2001-04-23 9:54 Alexander Povolotsky
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).