Re: [9fans] mysterious auth - Skip Tavakkolian

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: Skip Tavakkolian <9nut@9netics.com>
To: 9fans@9fans.net
Subject: Re: [9fans] mysterious auth
Date: Fri, 22 Jan 2010 15:27:22 -0800	[thread overview]
Message-ID: <25638d2949fca1a94387ae1ab3e10fbb@9netics.com> (raw)
In-Reply-To: <126b0b011076c61e000be785dae74079@9netics.com>

in case anyone's wondering, my problem was due to the fact that keyfs
was started after aux/listen for trusted services; /mnt/keys/* wasn't
in authsrv's namespace.  in my case, i put the trusted services in
/cfg/bootes/cpurc, while keyfs was started later in the sequence of
/rc/bin/cpurc.

the default config in the distro CD could lead others to do the
same.  given that only auth needs to run keyfs and trusted services,
it would be better to create a /cfg/example.auth/cpurc that includes
keyfs and trusted services in it and remove them from /rc/bin/cpurc,
since they come after /cfg/$sysname/cpurc is run.

>> are you sure that the passwords in nvram and auth/changeuser do match
>> for bootes?
>
> pretty sure.  i've zero'ed the nvram and re-entered it. i went so far as
> stopping keyfs, zero'ing /adm/keys and /adm/keys.who and reinstalling
> bootes from scratch and restarting.  it is very puzzling.
>
> Lucio said:
>> Should you not add a "role=server" to whatever the chosen entry is?
>> It will at minimum help with debugging.
>
> i did, but the result changed only slightly; trying to connect to
> auth from another system now results in the same behavior as
> auth/debug exhibits: "no key matches".

next prev parent reply	other threads:[~2010-01-22 23:27 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-11 22:22 Skip Tavakkolian
2010-01-11 22:46 ` erik quanstrom
2010-01-12  2:10 ` Federico G. Benavento
2010-01-12  6:10   ` Skip Tavakkolian
2010-01-22 23:27     ` Skip Tavakkolian [this message]
2010-01-23  3:18       ` erik quanstrom
2010-01-23  6:12       ` lucio

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=25638d2949fca1a94387ae1ab3e10fbb@9netics.com \
    --to=9nut@9netics.com \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).