9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@quanstro.net>
To: corey@bitworthy.net, 9fans@9fans.net
Subject: Re: [9fans] yet another installation guide
Date: Tue, 11 Aug 2009 20:36:54 -0400
Message-ID: <2b55a8cbf1ec6b8edd993dcb8e8cf5cc@quanstro.net>
In-Reply-To: <200908111727.35715.corey@bitworthy.net>

> <authdomain>  - The authentication domain name used for the auth services your
> server will be supplying.

it's not a domain name.  often people make the authentication domain
the same as their dns domain, since we now live in an ip world.
but it's just a text token.  no hierarchy.  no partial matches.
no dns.  (ah, it's the small things.)

>
> <machinekey>  - A secret key assigned to the machine.

it's actually the hostowner's p9sk1 key.  typically one has just
a few hostowners per domain.  i use one at home, but since
we have a bit more involved security needs at coraid, there are a
few hostowners.

> <secstorekey>  - ???: summarize what the secstore key is.

this is the hostowner's secstore(1) password.  secstore is a
server that can be used to store a large number of secrets.
factotum automatically contacts secstore and downloads
the file "factotum" from secstore on boot.  this allows one
to automatically load big ssh or tls keys on boot.  very helpful
for serving tls-encrypted imap4 or smtp.

- erik


