Re: [9fans] floppy based standalone auth server

Re: [9fans] floppy based standalone auth server

[Russ Cox]

> I create `/mnt/netkeys'.  Its meaning is not clear enough to me.

There are two key databases -- keys and netkeys.
Keys is the usual database used by Plan 9, while netkeys
is typically a secondary database tracking people who
use hardware DES-based SecureNet authenticators like the ones from
Digital Pathways (now some other name, I'm sure),
You don't need netkeys if you're not using hardware boxes.

Russ

Re: [9fans] floppy based standalone auth server

[Lucio De Re]

On Mon, Dec 02, 2002 at 09:31:49PM -0500, Russ Cox wrote:
>
> You don't need netkeys if you're not using hardware boxes.
>
I may be getting this wrong, but isn't it useful for connections
from foreign hosts?  Like telnet and FTP, for example?

++L

Re: [9fans] floppy based standalone auth server

[Russ Cox]

> I may be getting this wrong, but isn't it useful for connections
> from foreign hosts?  Like telnet and FTP, for example?

There's nothing magical about the name netkeys.
It's just convention that Plan 9 (password-based) keys
are stored in /mnt/keys whereas hardware-based keys
are stored in /mnt/netkeys.

When you use netkey (see passwd(1)), you are simulating
a SecureNet box but with a password, so /mnt/keys is the
relevant database.

Russ

Re: [9fans] floppy based standalone auth server

[YAMANASHI Takeshi]

> > >> 	0	./mnt/keys/nashi
> > what's this?  the directories under /mnt/keys

Russ is right.  It was just mistakenly created during
my try and error cycle.

> 2. "netkeys" are missing.  I'm assuming they should be included.

I create `/mnt/netkeys'.  Its meaning is not clear enough to me.

I placed my file system floppy image (DOS format) on
	http://p9c.cc.titech.ac.jp/plan9/tmp/mandos.3rd.fs.fd

Modify /bin/cpurc and /lib/ndb/local on the floppy
before the use.  Also, you will need another floppy
or something to load 9pccpu kernel.
Answer `local!fd0' to `root is from' question.

Thank you for all your kind suggestions and hope
this gives a good start.
--
YAMANASHI Takeshi

Re: [9fans] floppy based standalone auth server

[Russ Cox]

> 3. I'd like to add timesync at least and a few entries in /sys/log,
> but I suspect these are going to blow the floppy.  Any chance of
> adding fixed-length circular files to Plan 9?

why bother putting them on disk?
you could modify /sys/src/lib9p/ramfs.c
to do what you want.  then in cpurc you can do

	logfs -m /sys/log
	for(i in timesync dns cs auth ...)
		>/sys/log/$i

russ

Re: [9fans] floppy based standalone auth server

[Lucio De Re]

On Mon, Dec 02, 2002 at 04:11:02PM -0500, Russ Cox wrote:
>
> why bother putting them on disk?
> you could modify /sys/src/lib9p/ramfs.c
> to do what you want.  then in cpurc you can do
>
> 	logfs -m /sys/log
> 	for(i in timesync dns cs auth ...)
> 		>/sys/log/$i
>
Excellent idea.  I'll definitely look into it.  If I get anywhere with
it, I'll let 9fans know.

++L

Re: [9fans] floppy based standalone auth server

[Russ Cox]

>> 	0	./mnt/keys/nashi

what's this?  the directories under /mnt/keys
should be provided by keyfs rather than
be in the on-disk file system.

Re: [9fans] floppy based standalone auth server

[Lucio De Re]

On Mon, Dec 02, 2002 at 08:18:32AM -0500, Russ Cox wrote:
>
> >> 	0	./mnt/keys/nashi
>
> what's this?  the directories under /mnt/keys
> should be provided by keyfs rather than
> be in the on-disk file system.

It's a "du -a" so it's likely to have been picked up as a live entry.
I think that makes sense.  I do have a few more issues to bring up,
though.

1. "init" seems to exist only in /$cputype, not /$cputype/bin.  I
should imagine it ought to stay right there.

2. "netkeys" are missing.  I'm assuming they should be included.

3. I'd like to add timesync at least and a few entries in /sys/log,
but I suspect these are going to blow the floppy.  Any chance of
adding fixed-length circular files to Plan 9?

++L

PS: Still working on setting things up.  I'm pleased this issue has
arisen, it's been with me for quite a long time.

Re: [9fans] floppy based standalone auth server

[YAMANASHI Takeshi]

Thank you, Lucio.

I use two floppies for the auth serv.
One for kernel, and the other for fs.
Both are DOS formatted floppies.
Attached at the end of this mail is
the output of `du -a' of the fs floppy.

> The floppy drive would make this slower,
> but ramfs may be the way to speed things up if you have enough
> memory.

It seems that dossrv is serving as an cache mechanism.

	1	./plan9.nvr
	79	./386/init
	124	./386/bin/rc
	29	./386/bin/cat
	46	./386/bin/echo
	61	./386/bin/ls
	51	./386/bin/ps
	36	./386/bin/date
	86	./386/bin/ip/ipconfig
	86	./386/bin/ip
	122	./386/bin/ndb/cs
	122	./386/bin/ndb
	95	./386/bin/aux/listen
	95	./386/bin/aux
	94	./386/bin/auth/keyfs
	85	./386/bin/auth/changeuser
	126	./386/bin/auth/auth.srv
	305	./386/bin/auth
	955	./386/bin
	1034	./386
	1	./adm/timezone/local
	1	./adm/timezone
	1	./adm/keys
	1	./adm/keys.who
	3	./adm
	0	./bin
	1	./rc/bin/cpurc (*)
	0	./rc/bin/service
	1	./rc/bin/service.auth/il565
	1	./rc/bin/service.auth/il566
	1	./rc/bin/service.auth/tcp567
	3	./rc/bin/service.auth
	4	./rc/bin
	1	./rc/lib/rcmain
	1	./rc/lib
	5	./rc
	1	./lib/namespace
	1	./lib/ndb/local
	1	./lib/ndb/auth
	2	./lib/ndb
	3	./lib
	0	./mnt/keys/nashi
	0	./mnt/keys
	0	./mnt
	1046	.

--
YAMANASHI Takeshi

Re: [9fans] floppy based standalone auth server

[Lucio De Re]

On Mon, Dec 02, 2002 at 05:05:16PM +0900, YAMANASHI Takeshi wrote:
>
> I use two floppies for the auth serv.
> One for kernel, and the other for fs.

In two floppy drives, I presume.  Pity that 2.88M floppies never
became common.  But then we'd find ways to exceed their capacity :-)

> Both are DOS formatted floppies.
> Attached at the end of this mail is
> the output of `du -a' of the fs floppy.
>
Thank you.  I think I'll post a "proto" file to the wiki, this has
bugged me for a long time.

> It seems that dossrv is serving as an cache mechanism.
>
Hm, interesting.  I never considered that, but there are lots of
little things in Plan 9 that keep surprising me.

> 	1	./plan9.nvr
> 	79	./386/init
> 	124	./386/bin/rc
> 	29	./386/bin/cat
> 	46	./386/bin/echo
> 	61	./386/bin/ls
> 	51	./386/bin/ps
> 	36	./386/bin/date
> 	86	./386/bin/ip/ipconfig
> 	86	./386/bin/ip

I think you'll get away without ip and ip/ipconfig as /ipconfig should
be built into the kernel. /rc/bin/cpurc will need to be adjusted.

> 	122	./386/bin/ndb/cs
> 	122	./386/bin/ndb
> 	95	./386/bin/aux/listen
> 	95	./386/bin/aux
> 	94	./386/bin/auth/keyfs
> 	85	./386/bin/auth/changeuser
> 	126	./386/bin/auth/auth.srv
> 	305	./386/bin/auth
> 	955	./386/bin
> 	1034	./386
> 	1	./adm/timezone/local
> 	1	./adm/timezone
> 	1	./adm/keys
> 	1	./adm/keys.who
> 	3	./adm
> 	0	./bin
> 	1	./rc/bin/cpurc (*)

Did you forget some comments here?

> 	0	./rc/bin/service
> 	1	./rc/bin/service.auth/il565
> 	1	./rc/bin/service.auth/il566
> 	1	./rc/bin/service.auth/tcp567
> 	3	./rc/bin/service.auth
> 	4	./rc/bin
> 	1	./rc/lib/rcmain
> 	1	./rc/lib
> 	5	./rc
> 	1	./lib/namespace
> 	1	./lib/ndb/local

+ /lib/ndb/common - I think that appeared in 3ed, but maybe you don't
need it.

> 	1	./lib/ndb/auth
> 	2	./lib/ndb
> 	3	./lib
> 	0	./mnt/keys/nashi
> 	0	./mnt/keys
> 	0	./mnt
> 	1046	.
>
Sounds excellent, I must give it a try.

++L

Re: [9fans] floppy based standalone auth server

[Ronald G. Minnich]

would it be possible to put an 'auth filesytem' image somewhere as a
prototype? I have 8 MB in flash so serving this up would be easy ...

ron

[9fans] floppy based standalone auth server

[YAMANASHI Takeshi]

I am running a 3rd ed. auth server obtaining
its root fs from a floppy disk.

In the attempt to upgrade my plan 9 network
to 4th ed. system, this is the last machine
remaining that runs 3rd ed. system and I am
planning to upgrade this to 4th ed. based
floppy served stand alone auth server.

So, could you give me outlines about the
4th ed. auth server, like boot sequence,
changes impacted by factotum, or something.

Thank you.
--
YAMANASHI Takeshi

Re: [9fans] floppy based standalone auth server

[Lucio De Re]

On Mon, Dec 02, 2002 at 04:37:31PM +0900, YAMANASHI Takeshi wrote:
>
> I am running a 3rd ed. auth server obtaining
> its root fs from a floppy disk.
>
Valiant!

> So, could you give me outlines about the
> 4th ed. auth server, like boot sequence,
> changes impacted by factotum, or something.
>
I'd be very curious as to what that floppy contains.  I had been
considering trimming the distribution down to bare essentials for
an auth server, but never got adventurous enough.

I can suggest that you'll have a bigger kernel (add factotum) and
that you'll need access to the secure store with the associated
auth/secstored.

Other than that, my guess is that you will merely need 4ed versions
of the 3ed utilities you are presently using.  Others may be more
authoritative.

If you're willing to list the contents of the floppy you use, I
would certainly be grateful.  A "proto" file would be wonderful.

Note that crypt functions are slow on the 486SX/25 host I use for
4ed (and 3ed _and_ 2ed!!) authentication, so you may want to take
that into consideration.  The floppy drive would make this slower,
but ramfs may be the way to speed things up if you have enough
memory.

++L

Re: [9fans] floppy based standalone auth server

[Ronald G. Minnich]

On Mon, 2 Dec 2002, YAMANASHI Takeshi wrote:

> I am running a 3rd ed. auth server obtaining
> its root fs from a floppy disk.

I would sure like to learn how to do this, so I can make an auth server
that is entirely FLASH-based.

Are there hints for guys like me with little time, or even just a floppy
image :-)

ron