From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <2b55a8cbf1ec6b8edd993dcb8e8cf5cc@quanstro.net>
From: erik quanstrom <quanstro@quanstro.net>
Date: Tue, 11 Aug 2009 20:36:54 -0400
To: corey@bitworthy.net, 9fans@9fans.net
In-Reply-To: <200908111727.35715.corey@bitworthy.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] yet another installation guide
Topicbox-Message-UUID: 42ca7cf2-ead5-11e9-9d60-3106f5b1d025

> <authdomain>  - The authentication domain name used for the auth services your
> server will be supplying.

it's not a domain name.  often people make the authentication domain
the same as their dns domain, since we now live in an ip world.
but it's just a text token.  no heirarchy.  no partial matches.
no dns.  (ah, it's the small things.)

>
> <machinekey>  - A secret key assigned to the machine.

it's actually the hostowner's p9sk1 key.  typically one has just
a few hostowners per domain.  i use one at home, but since
we need a bit more involved security needs at coraid, there are a
few hostowners.

> <secstorekey>  - ???: summarize what the secstore key is.

this is the hostowner's secstore(1) password.  secstore is a
server that can be used to store a large number of secrets.
factotum automaticly contacts secstore and downloads
the file "factotum" from secstore on boot.  this allows one
to automaticly load big ssh or tls keys on boot.  very helpful
for serving tls-encrypted imap4 or smtp.

- erik