Date: Tue, 6 May 2008 16:38:13 -0400
From: Nathaniel W Filardo
To: rog@vitanuova.com
Cc: 9fans@9fans.net
Subject: Re: [9fans] infauth factotum bug?
Message-ID: <20080506203813.GR4503@peregrine.cs.jhu.edu>
In-Reply-To: <5932ecefbd9063a70069a114a0a37b26@vitanuova.com>
References: <20080505154136.GP4503@peregrine.cs.jhu.edu> <5932ecefbd9063a70069a114a0a37b26@vitanuova.com>

On Tue, May 06, 2008 at 01:10:12PM +0100, rog@vitanuova.com wrote:
> i haven't used the inferno 9auth stuff to log in as more
> than one user, hence i guess i wouldn't have tickled that bug.
>
> what does 'cat /mnt/factotum/ctl' report after adding the key for user=nwf?

I'm really confused now; I'm going to forward this to 9fans in hopes that
somebody can explain.

[For those of you now joining the conversation, the original, off-list
thread was started because Inferno's factotum and infauth wouldn't let me
play the first dance here; the second 9cpu, with -k 'user=bootes' still
logged me in as nwf without prompting for a key.]

On my Plan 9 terminal, if I run

    term% echo delkey > /mnt/factotum/ctl
    term% cpu -h sea.cs.jhu.edu -k 'user=nwf'
    [add key dance]
    cpu% exit
    term% cpu -h sea.cs.jhu.edu -k 'user=bootes'
    [add key dance]
    sea# exit
    term% cat /mnt/factotum/ctl
    key proto=p9sk1 dom=acm.jhu.edu user=nwf password!
    key proto=p9sk1 dom=acm.jhu.edu user=bootes password!

This is as I expect. But if I reverse the order of the cpu commands, I
don't get asked for nwf@'s password. If I then try to log in as another
real user on the system, I get asked for that user's password.

    term% echo delkey > /mnt/factotum/ctl
    term% cpu -h sea.cs.jhu.edu -k 'user=bootes'
    [add key dance]
    sea#
    term% cpu -h sea.cs.jhu.edu -k 'user=nwf'
    [no key dance is necessary]
    cpu%
    term% cpu -h sea.cs.jhu.edu -k 'user=me'
    !Adding key: dom=acm.jhu.edu proto=p9sk1 user=me
    [I don't know me@'s password, so I abort by pressing Del.]
    cpu: can't authenticate: sea.cs.jhu.edu: auth_proxy rpc write: p9sk1@acm.jhu.edu: '/factotum' file does not exist.
    term% cat /mnt/factotum/ctl
    key proto=p9sk1 dom=acm.jhu.edu user=bootes password!

sea's /lib/ndb/auth contains the usual speaksfor relationship:

    hostid=bootes
        uid=!sys uid=!adm uid=*

sea's /lib/keys.who contains:

    bootes|bootes host owner|bootes|JHUACM|officers@acm.jhu.edu|officers@acm.jhu.edu
    nwf|nwf|Nathaniel Wesley Filardo|JHUACM|nwf@acm.jhu.edu|officers@acm.jhu.edu
    me||Venkatesh Srinivas|JHUACM|me@acm.jhu.edu|officers@acm.jhu.edu

sea's /lib/users contains:

    adm:adm:adm:sys,bootes
    glenda:glenda:glenda:
    bootes:bootes::
    me:me::
    nwf:nwf::
    sys:sys::glenda,me,nwf,bootes

My username on my terminal is nwf.

The question is: why don't I have to present a password to log in as nwf@
after I have logged in as bootes? Why doesn't this explanation hold for me@?

Thanks much.
--nwf;