From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <57f0130a29ea0caf1061e4157721f85d@felloff.net>
Date: Tue, 15 Nov 2016 21:12:25 +0100
From: cinap_lenrek@felloff.net
To: 9fans@9fans.net
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Maintenance of an auth server files vs a dns+dhcp+tftp server
Topicbox-Message-UUID: ab1ac2f4-ead9-11e9-9d60-3106f5b1d025

> Is this the reason that it is actually possible to boot a combined
> auth/cpu/file server at all?

no. the reason this works is that the fileserver and authserver share
the same key (authid and password) so factotum can make up auth tickets
using the key it already knows, skipping the authentication server.

this is especially true if everything runs on a combined cpu/fs/auth,
then factotum basically talks to itself thru the 9p auth file thru the
fileserver :-)

note this also happens when you boot off a cpu server from its own
local fileserver. for a stand alone terminal with a local disk you
won't necessarily have a key so you have to disable authentication on
your local disk fileserver in that case.

this mechanism is also useful when your authentication server is
unreachable or offline. then you can still logon as the hostowner of
the affected machine.

the fact that the key comes from nvram is irrelevant. if it were not
there factotum will prompt for the information on boot (cpu/file
servers only).

--
cinap
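
A simplified model of the shortcut described in the message above, added here as an illustration; it is not code from the post or from Plan 9. Assumptions: the ticket is sealed with HMAC-SHA256 rather than encrypted as the real ticket is, the session key is omitted, PBKDF2 stands in for the password-to-key step, and all names and passwords are constructed samples.

```python
import hashlib, hmac, json, os

def pass_to_key(password: str, authid: str) -> bytes:
    # Stand-in key derivation (assumption: PBKDF2, not Plan 9's own routine).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), authid.encode(), 10_000)

def seal_ticket(server_key: bytes, chal: bytes, cuid: str, suid: str) -> bytes:
    # Normally the auth server does this. Anyone who holds the server's key
    # (authid + password) can produce the same ticket locally.
    body = json.dumps({"chal": chal.hex(), "cuid": cuid, "suid": suid},
                      sort_keys=True).encode()
    return body + hmac.new(server_key, body, hashlib.sha256).digest()

class FileServer:
    def __init__(self, authid: str, key: bytes):
        self.authid, self.key = authid, key
        self.chal = os.urandom(8)

    def challenge(self) -> bytes:
        self.chal = os.urandom(8)   # fresh challenge per auth attempt
        return self.chal

    def accept(self, ticket: bytes):
        # Returns the authenticated client uid, or None if the ticket is rejected.
        body, tag = ticket[:-32], ticket[-32:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            return None             # not sealed with this server's key
        t = json.loads(body)
        if t["chal"] != self.chal.hex() or t["suid"] != self.authid:
            return None             # stale challenge or wrong server
        return t["cuid"]

def demo():
    authid = "bootes"               # constructed sample authid / hostowner
    shared = pass_to_key("constructed-password", authid)
    fs = FileServer(authid, shared)
    # Combined cpu/fs/auth: local factotum already holds the server's key,
    # so it seals the ticket itself and never contacts an auth server.
    local_ticket = seal_ticket(shared, fs.challenge(), authid, authid)
    local = fs.accept(local_ticket)
    # Stand-alone terminal whose key does not match the file server's key.
    other = pass_to_key("some-other-password", "glenda")
    terminal = fs.accept(seal_ticket(other, fs.challenge(), "glenda", authid))
    # Replaying the earlier ticket fails: the challenge has moved on.
    fs.challenge()
    replay = fs.accept(local_ticket)
    return local, terminal, replay
```

The rejected terminal case is why the message says authentication has to be disabled on a local disk fileserver when no matching key is available.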