Re: [9fans] Drawterm vs Authentication Server

Re: [9fans] Drawterm vs Authentication Server

[forsyth]

>>I was under the impression (per following e-mail, I am attaching below ),
>>that on the
>>terminal Plan 9 machine, there will be a problem with running keyfs. in
>>regards to readable /dev/key........

% auth/keyfs -p
Password:
22 keys read
% ls /mnt/keys
/mnt/keys/baldwin
/mnt/keys/bootes
/mnt/keys/chris
/mnt/keys/dla
/mnt/keys/forsyth
/mnt/keys/glenda
	...

i suppose i could run aux/listen ... in this space.

i thought that authfs might help generate special versions
of the auth files but it might not matter in this case.

Re: [9fans] Drawterm vs Authentication Server

[Alexander Povolotsky]

I decided to try for user "bootes" - may be I am still missing something or
doing wrong -
I am getting the following message when changing to user bootes and
providing the password
 now on the "drawterm" side:
" ?AS protocol botch: file does not exist"

What is the meaning of this "cryptic" message ?

"Jonathan Sergent" <sergent@io.com> wrote in message
news:E14s5zx-00093a-00@c61066-a.frmt1.sfba.home.com...
> > I was under the impression (per following e-mail, I am attaching
below ),
> > that on the
> > terminal Plan 9 machine, there will be a problem with running keyfs. in
> > regards to readable /dev/key........
>
> It'll prompt you for the key at startup.  I have done this.  It
> works just fine (cpu, drawterm, ssh, telnet, etc.).
>
> Rebuilding the kernel is not hard, nor does it take very long.

Re: [9fans] Drawterm vs Authentication Server

[Jonathan Sergent]

> I was under the impression (per following e-mail, I am attaching below ),
> that on the
> terminal Plan 9 machine, there will be a problem with running keyfs. in
> regards to readable /dev/key........

It'll prompt you for the key at startup.  I have done this.  It
works just fine (cpu, drawterm, ssh, telnet, etc.).

Rebuilding the kernel is not hard, nor does it take very long.

Re: [9fans] Drawterm vs Authentication Server

[Alexander Povolotsky]

I was under the impression (per following e-mail, I am attaching below ),
that on the
terminal Plan 9 machine, there will be a problem with running keyfs. in
regards to readable /dev/key........

-----Original Message-----
From: Russ Cox [mailto:rsc@plan9.bell-labs.com]
Sent: Wednesday, April 18, 2001 10:18 AM
To: ap80@lucent.com
Subject: RE: FW: drawterm connection failure


You need to set up an authentication server.
That's a bit more complex.  You need to start
by running auth/keyfs (see the man page) and
then adding users with auth/changeuser.

To run the keyfs, though, you need to
have a readable /dev/key (normally found only
on cpu servers).

The easiest way to do this
is build a new kernel.  Specifically, edit /sys/src/9/port/auth.c,
and in the keyread() function change

 if(!cpuserver || !iseve())
  error(Eperm);

to

 if(!iseve())
  error(Eperm);

and then rebuild your kernel.

Russ

<presotto@plan9.bell-labs.com> wrote in message
news:20010424123215.A0CC919AEA@mail.cse.psu.edu...
> There's nothing special about the auth server except for who knows
> that its the auth server.  You can always start auth/keyfs and run
> aux/listen -t /rc/bin/service.auth on any machine and transform it
> into an auth server.
>
> If you want no authentication, you can change both cpu and drawterm.  If
> you look closely at the cpu command, you'll see that it negotiates
> authentication mechanism.  If you change cpu.c and drawterm.c to allow
> a null authentication mechanism, you'll have what you want.  Look at
> authmethod in both programs.