From: Axel Belinfante
To: 9fans@cse.psu.edu
Date: Mon, 19 Mar 2007 14:47:42 +0100
Subject: [9fans] factotum/802.1x catch 22?
Message-Id: <200703191347.l2JDlgt09152@zamenhof.cs.utwente.nl>

I'm finally playing again with my 802.1x supplicant.
(minor fix, adding the factotum related things russ suggested in answer to an earlier question)

when I want to boot and take root from the file server, I run the supplicant early in the boot process to enable access to the network. then I encounter a problem: it seems I have to start factotum both before and after the supplicant. (supplicant depends on factotum, to get keys; factotum depends on supplicant, to enable network) so, that is what I do. I'm wondering if there could be a better way.

(another problem is that when I start the supplicant so early, it is started before it can see a /sys/log/file, so all log messages go to the console -- and continue to go there, even after we have a root fs with /sys/log/file)

what I do:

I run the supplicant in /sys/src/9/boot/bootip.c:/^configip before the program ipconfig is run. the supplicant uses auth_getuserpassword to get realm, user name and password, and thus I must start factotum even earlier in the boot process, before /sys/src/9/boot/boot.c:

	mp = rootserver(argc ? *argv : 0);
	(*mp->config)(mp);

because that is where configip is invoked. (I also start kbmap(); earlier, just to be sure)

the problem now is that when I start factotum this early, it is started before the auth addr is set (and before the network is up). therefore, when some time later it has to access the auth server, it fails to do so: it cannot access '#s/cs' while it was invoked without the '-a authaddr' command line option, and thus it gives up. root fs mount fails. (also, it does not contact the secstore).

therefore, I start a second factotum, at the point where it normally is started, after the rootserver() and (*mp->config)(mp); (before starting it I do unmount("#s/factotum", "/mnt"); remove("#s/factotum"); to make sure the second one will start). the second factotum once more asks for the hostowner (due to the -u flag). it sees the network, and thus tries secstore.

I do not kill the first factotum (should I?) - it remains running even though we cannot access it. it does still have the 802.1x related keys that I entered by hand during booting, but I guess there is no way to transfer them to the second factotum? right now I do not need these keys because the supplicant remembers them.

a nicer way of using factotum would be for the supplicant to ask factotum to build the 802.1x protocol messages that need keys/passwords (such that the supplicant itself never 'touches' them), but then the fact that the second factotum does not have the 802.1x related keys would become unfortunate.

so, could there be a better way? I have been thinking about additional factotum ctl messages to essentially give it, some time later, stuff that was not available when it was started, like
- the equivalent of the '-a authaddr' command line option
- tell it to try to access secstore
to be able to have just a single instance of factotum running, but I'm not sure that would be the way to go...

Axel.