9fans - fans of the OS Plan 9 from Bell Labs
From: cinap_lenrek@felloff.net
To: 9fans@9fans.net
Subject: Re: [9fans] Maintenance of an auth server files vs a dns+dhcp+tftp server
Date: Tue, 15 Nov 2016 21:12:25 +0100
Message-ID: <57f0130a29ea0caf1061e4157721f85d@felloff.net>
In-Reply-To: <CAHqDL__e6BCxfExv9FqnPU82Ow8Oa9q5nVgBPi-No2CpECBVYg@mail.gmail.com>

> Is this the reason that it is actually possible to boot a combined
> auth/cpu/file server at all?

no. the reason this works is that the fileserver and authserver share
the same key (authid and password) so factotum can make up auth tickets
using the key it already knows, skipping the authentication server.

this is especially true if everything runs on a combined cpu/fs/auth,
then factotum basically talks to itself thru the 9p auth file thru the
fileserver :-)

note this also happens when you boot off a cpu server from its own
local fileserver. for a stand alone terminal with a local disk you
won't necessarily have a key so you have to disable authentication
on your local disk fileserver in that case.

this mechanism is also useful when your authentication server is
unreachable or offline. then you can still logon as the hostowner
of the affected machine.

the fact that the key comes from nvram is irrelevant. if it were not
there factotum will prompt for the information on boot (cpu/file
servers only).

--
cinap
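
Added example, not part of the original message and not Plan 9 code: a simplified Python model of the behaviour described above, where a factotum that already holds the file server's authid key makes up the ticket locally and so can still attach while the auth server is offline. Assumptions: the ticket is an HMAC-tagged JSON body rather than the real encrypted ticket format, client authentication to the auth server is omitted, and the class names, the authid "bootes", the user "glenda" and the keys are constructed for illustration.

```python
import hashlib, hmac, json, os

def seal(key, body):
    # Toy ticket: JSON body plus an HMAC-SHA256 tag under key (assumption: a
    # stand-in for the real ticket encryption, which is not modelled here).
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, raw, hashlib.sha256).digest() + raw

def unseal(key, ticket):
    tag, raw = ticket[:32], ticket[32:]
    good = hmac.new(key, raw, hashlib.sha256).digest()
    return json.loads(raw) if hmac.compare_digest(tag, good) else None

class AuthServer:
    def __init__(self, keys):
        self.keys, self.online = keys, True
    def ticket(self, authid, chal, user):
        if not self.online:
            raise ConnectionError("auth server unreachable")
        # Client authentication to the auth server is omitted in this model.
        return seal(self.keys[authid], {"chal": chal, "suid": user})

class FileServer:
    def __init__(self, key):
        self.key, self.chal = key, None
    def challenge(self):
        self.chal = os.urandom(8).hex()
        return self.chal
    def attach(self, ticket):
        t = unseal(self.key, ticket)
        # Accept only a ticket sealed with our key and bound to our challenge.
        return t["suid"] if t and t["chal"] == self.chal else None

class Factotum:
    def __init__(self, user, keys):
        self.user, self.keys = user, keys      # keys: authid -> key held locally
    def get_ticket(self, auth, authid, chal):
        key = self.keys.get(authid)
        if key is not None:                    # holds the server's key: no auth server needed
            return seal(key, {"chal": chal, "suid": self.user})
        return auth.ticket(authid, chal, self.user)

def login(factotum, fs, auth, authid="bootes"):
    return fs.attach(factotum.get_ticket(auth, authid, fs.challenge()))

if __name__ == "__main__":
    key = os.urandom(16)                       # constructed key for authid "bootes"
    auth, fs = AuthServer({"bootes": key}), FileServer(key)
    auth.online = False                        # auth server offline
    print(login(Factotum("bootes", {"bootes": key}), fs, auth))   # hostowner still gets in
```

The same property is why the shared authid key needs the same protection as the auth server's key database: in this model, anyone holding it can produce a ticket the file server accepts.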
