From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@9fans.net
Subject: Re: [9fans] CPU Server Wiki, auth/keyfs, and password for the machine.
From: "Russ Cox"
Date: Sat, 26 Jul 2008 12:15:28 -0400
In-Reply-To: <072620081340.24160.488B293F000A4E6C00005E602200751150050E0C040A900E9FD209@comcast.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <20080726161318.7D3461E8C1C@holo.morphisms.net>
Topicbox-Message-UUID: f1baf464-ead3-11e9-9d60-3106f5b1d025

> In the Wiki on configuring a standalone cpu server, there is a part that
> says to run auth/keyfs to provide a password for the machine. Assuming
> a fresh install, this is done while logged in as glenda.
>
> Is this really necessary? Is it different from zeroing the nvram and
> then entering authid, password, etc.?

Yes, and yes.

Auth/keyfs is the authentication database.
It holds key info for every user in the
authentication domain it serves, including
whatever user the cpu server itself runs as.

Filling out the nvram sets the info that gets used
to initialize the cpu server's factotum.
Like any other factotum, it needs to have a key
that matches the one in the authentication database.

Auth/keyfs could plausibly preinitialize the
entry for the host owner using the nvram key,
and that would be fine most of the time, but not always.
(It is possible to boot in one auth domain but
load an auth/keyfs and be an auth server for
a second domain. This is why, for example,
users with accounts on the auth server
sources.cs.bell-labs.com can mount its fossil
but not cpu to the machine.)

Russ