From: presotto@closedmind.org
To: 9fans@cse.psu.edu
Subject: Re: [9fans] identity/ownership
Date: Tue, 6 Nov 2001 10:33:08 -0500
Message-ID: <20011106153311.5126A199BB@mail.cse.psu.edu>

I'm not entirely sure what your situation is. However, here's
the rules:

Define `hostowner' as the id of the user the host is running as, i.e.,
the contents of /dev/hostowner. On a terminal the user name and
password are prompted for, the user name becoming the hostowner.
On a PC they come from NVRAM, a disk partition called nvram, or
are typed in at boot. Cat /dev/hostowner to be sure.

Call 'user' the user authenticating from a remote machine.

If 'hostowner' and 'user' both exist in /mnt/keys on the auth
server with the same keys entered into their respective machines,
then 'user' can successfully authenticate to the cpu and a
process will be started there for him. However, any remote
resources that process now attaches must be authenticated.
Since the user's key is not on the cpu server, the cpu server
has to speak for the user in the attach. For this to happen
the auth server has to have a 'speaks for' relation in its
/lib/ndb/authid that allows this.

The 'speaks for' relation in /lib/ndb/authid looks like what you
said you did:

    hostid=proxima
        uid=!sys uid=!adm uid=*

That means that on a system owned by 'proxima', 'proxima' is allowed
to speak for anyone except sys and adm. If 'user' has
successfully authenticated to the cpu server, the cpu
server should be able to authenticate 'user' in any mount
of a remote file server. Lacking that relation, you will
get attached as 'none'.

There is also an implicit 'speaks for' relation, i.e., anyone can speak for
themselves. Therefore, you don't need the 'speaks for' relation

    hostid=lucio
        uid=lucio

That's why you can connect to your terminal whose hostowner is
you and be able to successfully authenticate to remote resources.

This all explains your first message but not your most recent. If

 - you have added to the /lib/ndb/authid on the filesystem used by the
   auth server

    hostid=proxima
        uid=!sys uid=!adm uid=*

AND
 - the contents of /dev/hostowner on the cpu server is 'proxima'
AND
 - all the systems use the same auth server

Then it all should have worked.
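
The rules in the message above, modelled as an added Python example (not part of the original message and not Plan 9's auth server code). It assumes the ndb layout in which indented lines continue an entry; the function names and the sample string are hypothetical.

```python
# Model of the 'speaks for' rules described in the message above.
# Assumption: ndb-style layout, an entry starts at column 0 and
# indented lines continue it; attr=value pairs are space-separated.

# Constructed sample: the same entry the message shows.
SAMPLE_AUTHID = "hostid=proxima\n\tuid=!sys uid=!adm uid=*\n"


def parse_authid(text):
    """Return {hostid: (allowed_uids, denied_uids)}."""
    rules = {}
    current = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            current = None  # a new entry begins at column 0
        for pair in line.split():
            attr, _, value = pair.partition("=")
            if attr == "hostid":
                current = rules.setdefault(value, (set(), set()))
            elif attr == "uid" and current is not None:
                allowed, denied = current
                if value.startswith("!"):
                    denied.add(value[1:])
                else:
                    allowed.add(value)
    return rules


def speaks_for(rules, hostowner, user):
    """True if a host owned by `hostowner` may speak for `user`."""
    if hostowner == user:
        return True  # implicit relation: anyone can speak for themselves
    allowed, denied = rules.get(hostowner, (set(), set()))
    if user in denied:
        return False  # uid=!name exclusions win over the uid=* wildcard
    return user in allowed or "*" in allowed


def attach_identity(rules, hostowner, user):
    """Identity a remote attach ends up with under these rules."""
    return user if speaks_for(rules, hostowner, user) else "none"


if __name__ == "__main__":
    rules = parse_authid(SAMPLE_AUTHID)
    for who in ("lucio", "sys", "adm"):
        print("proxima ->", who, "attaches as", attach_identity(rules, "proxima", who))
```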