9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Remote auth server
Date: Mon, 24 Mar 2014 10:09:34 -0400
Message-ID: <367fe014777c643663f1c18bcbc3659a@brasstown.quanstro.net>
In-Reply-To: <CAOotBeL=pVM9nGiae3aOHe_F9WnB-_kUaj3JdVJmPuk_HF4faw@mail.gmail.com>

> But is it actually possible to have the auth server and terminal not
> on the same LAN? Every configuration example I've seen has all the
> resources on the same IP address block.

yes.  i used to run a single authentication server for 2 sites.
you'll need to make sure the auth server is announcing the
right services on the right ports.  assuming that you're using
net.alt (adjust to /net if not)

	aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service.ext /net.alt/tcp

you'll need tcp567 in that directory.  if you have !tcp567 in that
directory, you can simply rename it.

additionally, it helps to have the following entries in your ndb
files.  here's

authdom=myauthdom auth=myauthserver

if you're using dhcp, it helps to have an entry that looks
like the following.  this will allow cs (through !ipinfo see
ndbipinfo in ndb(2)) to associate the correct auth server
with every machine on this subnet.  (unless overridden in
a specific entry.)

this is an example from 9atom.org

ipnet=labs.9atom.org ip=10.220.0.0 ipmask=/112
	fs=land.9atom.org
	gw=gw.9atom.org
	auth=atta.9atom.org
	dns=10.220.1.10
	dnsdomain=9atom.org
	ipgw=10.220.10.1

- erik
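
The subnet-wide auth= inheritance described in the message above, as an added example that is not part of the original post and is not Plan 9's ndbipinfo code. It is a simplified Python model of the lookup; the host entries (term1, term2) and otherauth.example.com are constructed for illustration.

```python
import ipaddress

# Constructed ndb text modelled on the entries in the message above;
# the two host entries and the per-host override are assumptions.
NDB = """\
ipnet=labs.9atom.org ip=10.220.0.0 ipmask=/112
	fs=land.9atom.org
	auth=atta.9atom.org

ip=10.220.3.7 sys=term1

ip=10.220.3.8 sys=term2
	auth=otherauth.example.com
"""

def parse(text):
    """Split ndb text into entries: a line starting in column 0 opens an
    entry, indented lines continue it. Returns a list of (attr, val) lists."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        pairs = [tuple(tok.split("=", 1)) for tok in line.split() if "=" in tok]
        if line[0] in " \t" and entries:
            entries[-1].extend(pairs)
        else:
            entries.append(pairs)
    return entries

def v4net(entry):
    """IPv4 network of an ipnet entry (only the /n mask form is handled).
    Plan 9 writes masks in IPv6 terms, so /112 is a 16-bit v4 prefix."""
    d = dict(entry)
    bits = int(d["ipmask"].lstrip("/")) - 96
    return ipaddress.ip_network(f"{d['ip']}/{bits}")

def auth_for(entries, ip):
    """Simplified model of the ipinfo lookup: the host's own entry wins,
    otherwise the most specific enclosing ipnet supplies auth=."""
    addr = ipaddress.ip_address(ip)
    for e in entries:
        d = dict(e)
        if "ipnet" not in d and d.get("ip") == ip and "auth" in d:
            return d["auth"]
    nets = [e for e in entries if "ipnet" in dict(e) and addr in v4net(e)]
    nets = [e for e in nets if "auth" in dict(e)]
    nets.sort(key=lambda e: v4net(e).prefixlen, reverse=True)
    return dict(nets[0])["auth"] if nets else None
```

Running auth_for over a copy of your own ndb file shows which auth server each terminal address resolves to, which is useful for spotting a host that silently falls outside every ipnet entry.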


