* [9fans] drawterm authentication failure
@ 2007-10-22 21:26 Martin Neubauer
2007-10-22 21:33 ` andrey mirtchovski
2007-10-23 9:28 ` sqweek
0 siblings, 2 replies; 17+ messages in thread
From: Martin Neubauer @ 2007-10-22 21:26 UTC (permalink / raw)
To: 9fans
I've set up a new auth/cpu/fossil server via maht's make_cpuauth warlock.
Things went smoothly for the most part, but if I try to connect to it
drawterm does nothing for quite some time and finally prints:
cpu: can't authenticate: plan9host: auth_proxy rpc: p9any client get tickets: p9sk1: gettickets: Operation timed out
I don't quite have a clue what's going on (or, rather, not going on), but as
I can boot terminals off the system and cpu in from other plan 9 hosts it
seems that drawterm expects some network service cpu doesn't. Also, I dont
think my drawterm is broken. I can connect to mordor just fine, for example.
Baffled,
Martin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-22 21:26 [9fans] drawterm authentication failure Martin Neubauer
@ 2007-10-22 21:33 ` andrey mirtchovski
2007-10-22 22:12 ` Martin Neubauer
2007-10-23 9:28 ` sqweek
1 sibling, 1 reply; 17+ messages in thread
From: andrey mirtchovski @ 2007-10-22 21:33 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
looks like your drawterm can't connect to the authentication server's
port. are you specifying '-a' on the command line? do you have
anything filtering port 567? are you behind a nat and have to forward
it?
On 10/22/07, Martin Neubauer <m.ne@gmx.net> wrote:
> I've set up a new auth/cpu/fossil server via maht's make_cpuauth warlock.
> Things went smoothly for the most part, but if I try to connect to it
> drawterm does nothing for quite some time and finally prints:
>
> cpu: can't authenticate: plan9host: auth_proxy rpc: p9any client get tickets: p9sk1: gettickets: Operation timed out
>
> I don't quite have a clue what's going on (or, rather, not going on), but as
> I can boot terminals off the system and cpu in from other plan 9 hosts it
> seems that drawterm expects some network service cpu doesn't. Also, I dont
> think my drawterm is broken. I can connect to mordor just fine, for example.
>
> Baffled,
> Martin
>
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-22 21:33 ` andrey mirtchovski
@ 2007-10-22 22:12 ` Martin Neubauer
2007-10-22 22:22 ` erik quanstrom
0 siblings, 1 reply; 17+ messages in thread
From: Martin Neubauer @ 2007-10-22 22:12 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
* andrey mirtchovski (mirtchovski@gmail.com) wrote:
> looks like your drawterm can't connect to the authentication server's
> port. are you specifying '-a' on the command line? do you have
> anything filtering port 567? are you behind a nat and have to forward
> it?
I did specify the authserver (it's the same machine). Nat shouldn't be a
problem, because all machines in question are connected through a single
hub. It's just that cpu works, drawterm from the system next to it doesn't.
Conversely, drawterm to mordor, which lies behind a NAT'ing router, gives no
trouble.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-22 22:12 ` Martin Neubauer
@ 2007-10-22 22:22 ` erik quanstrom
2007-10-23 8:35 ` Martin Neubauer
0 siblings, 1 reply; 17+ messages in thread
From: erik quanstrom @ 2007-10-22 22:22 UTC (permalink / raw)
To: 9fans
> I did specify the authserver (it's the same machine). Nat shouldn't be a
> problem, because all machines in question are connected through a single
> hub. It's just that cpu works, drawterm from the system next to it doesn't.
> Conversely, drawterm to mordor, which lies behind a NAT'ing router, gives no
> trouble.
>
sounds like a name resolution problem.
- erik
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-22 22:22 ` erik quanstrom
@ 2007-10-23 8:35 ` Martin Neubauer
2007-10-23 11:16 ` erik quanstrom
2007-10-23 19:34 ` Lyndon Nerenberg
0 siblings, 2 replies; 17+ messages in thread
From: Martin Neubauer @ 2007-10-23 8:35 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
* erik quanstrom (quanstro@coraid.com) wrote:
> > I did specify the authserver (it's the same machine). Nat shouldn't be a
> > problem, because all machines in question are connected through a single
> > hub. It's just that cpu works, drawterm from the system next to it doesn't.
> > Conversely, drawterm to mordor, which lies behind a NAT'ing router, gives no
> > trouble.
> >
>
> sounds like a name resolution problem.
>
> - erik
I'm not sure that's the issue. The host names are mutually known (as of last
night, admittedly) and cpu with mutually unknown host names succeeds.
I might be missing something obvious, though.
Martin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-22 21:26 [9fans] drawterm authentication failure Martin Neubauer
2007-10-22 21:33 ` andrey mirtchovski
@ 2007-10-23 9:28 ` sqweek
2007-10-23 13:20 ` Martin Neubauer
1 sibling, 1 reply; 17+ messages in thread
From: sqweek @ 2007-10-23 9:28 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
On 10/23/07, Martin Neubauer <m.ne@gmx.net> wrote:
> I've set up a new auth/cpu/fossil server via maht's make_cpuauth warlock.
> Things went smoothly for the most part, but if I try to connect to it
> drawterm does nothing for quite some time and finally prints:
>
> cpu: can't authenticate: plan9host: auth_proxy rpc: p9any client get tickets: p9sk1: gettickets: Operation timed out
I only ever muddled about with auth when I was getting my plan9 box
up so I may be misremembering, but isn't gettickets related to
factotum?
Is there a factotum running on the host you're drawterming from or
are you just relying on what drawterm provides in that respect? Might
be worth a try.
-sqweek
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 8:35 ` Martin Neubauer
@ 2007-10-23 11:16 ` erik quanstrom
2007-10-23 19:34 ` Lyndon Nerenberg
1 sibling, 0 replies; 17+ messages in thread
From: erik quanstrom @ 2007-10-23 11:16 UTC (permalink / raw)
To: 9fans
> I'm not sure that's the issue. The host names are mutually known (as of last
> night, admittedly) and cpu with mutually unknown host names succeeds.
>
> I might be missing something obvious, though.
>
> Martin
snoopy is your friend!
- erik
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 9:28 ` sqweek
@ 2007-10-23 13:20 ` Martin Neubauer
2007-10-23 13:40 ` erik quanstrom
2007-10-24 9:55 ` johnny
0 siblings, 2 replies; 17+ messages in thread
From: Martin Neubauer @ 2007-10-23 13:20 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
* sqweek (sqweek@gmail.com) wrote:
> I only ever muddled about with auth when I was getting my plan9 box
> up so I may be misremembering, but isn't gettickets related to
> factotum?
> Is there a factotum running on the host you're drawterming from or
> are you just relying on what drawterm provides in that respect? Might
> be worth a try.
> -sqweek
I had indeed factotum running. after killing the process I could connect to
the plan 9 server. Looks like I've implemented some authentication self hate
on my network.
Some further digging and a peek at the archives showed that upon connecting
the following lines get appended to /mnt/factotum/log:
287: no key matches proto=9psk1 role=server dom?
287: failure no key matches proto=9psk1 role=server dom?
Also, whenever I use drawterm without factotum (which succeeds) I get
prompted for the secstore key twice. That seems a little odd to me.
Martin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 13:20 ` Martin Neubauer
@ 2007-10-23 13:40 ` erik quanstrom
2007-10-23 15:16 ` Martin Neubauer
2007-10-24 9:55 ` johnny
1 sibling, 1 reply; 17+ messages in thread
From: erik quanstrom @ 2007-10-23 13:40 UTC (permalink / raw)
To: 9fans
> I had indeed factotum running. after killing the process I could connect to
> the plan 9 server. Looks like I've implemented some authentication self hate
> on my network.
>
> Some further digging and a peek at the archives showed that upon connecting
> the following lines get appended to /mnt/factotum/log:
>
> 287: no key matches proto=9psk1 role=server dom?
> 287: failure no key matches proto=9psk1 role=server dom?
>
> Also, whenever I use drawterm without factotum (which succeeds) I get
> prompted for the secstore key twice. That seems a little odd to me.
i think there's something else going on. on the home machine i run p9p on,
i do run factotum with drawterm.
; ps auxwww|grep factotum
quanstro 4972 0.0 0.1 43648 360 ? Sl Sep13 0:00 factotum
quanstro 4975 0.0 0.0 67880 204 ? Sl Sep13 0:03 9pserve -u unix!/tmp/ns.quanstro.:0/factotum
quanstro 2202 0.0 0.2 1676 536 pts/9 S+ 09:26 0:00 grep factotum
check your profile for a path that has two calls to auth/factotum.
- erik
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 13:40 ` erik quanstrom
@ 2007-10-23 15:16 ` Martin Neubauer
2007-10-23 15:23 ` erik quanstrom
2007-10-23 20:06 ` Tim Wiess
0 siblings, 2 replies; 17+ messages in thread
From: Martin Neubauer @ 2007-10-23 15:16 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
* erik quanstrom (quanstro@quanstro.net) wrote:
> i think there's something else going on. on the home machine i run p9p on,
> i do run factotum with drawterm.
>
> ; ps auxwww|grep factotum
> quanstro 4972 0.0 0.1 43648 360 ? Sl Sep13 0:00 factotum
> quanstro 4975 0.0 0.0 67880 204 ? Sl Sep13 0:03 9pserve -u unix!/tmp/ns.quanstro.:0/factotum
> quanstro 2202 0.0 0.2 1676 536 pts/9 S+ 09:26 0:00 grep factotum
>
> check your profile for a path that has two calls to auth/factotum.
>
> - erik
I'm fairly certain that factotum is only started once. As I wrote before,
connecting to mordor works, so it seems I'm experiencing some peculiarity of
my plan 9 server that apparrently exhibits some subtle difference between
cpu and drawterm. Perhaps I should just step back a little. Not running
factotum is a workaround, but i have the feeling that ignoring the issue
will come around some day and bite me.
Thanks anyway,
Martin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 15:16 ` Martin Neubauer
@ 2007-10-23 15:23 ` erik quanstrom
2007-10-23 20:06 ` Tim Wiess
1 sibling, 0 replies; 17+ messages in thread
From: erik quanstrom @ 2007-10-23 15:23 UTC (permalink / raw)
To: 9fans
> > check your profile for a path that has two calls to auth/factotum.
> >
> > - erik
>
> I'm fairly certain that factotum is only started once. As I wrote before,
by profile, i mean lib/profile on your plan 9 box. sorry for being unclear
generally, there is a different path through lib/profile for drawterm calls.
this is part of my lib/profile from home
case cpu
if (test -e /mnt/term/mnt/wsys) {
# rio already running
wsys = /mnt/term^`{cat /mnt/term/env/wsys}
bind -a /mnt/term/mnt/wsys /dev
if(test -f /mnt/term/dev/label)
echo -n $sysname > /mnt/term/dev/label
}
bind /mnt/term/dev/cons /dev/cons
bind /mnt/term/dev/consctl /dev/consctl
bind -a /mnt/term/dev /dev
prompt=('; ' ' ')
fn cpu%{ $* }
news
if (! test -e /mnt/term/mnt/wsys) {
# cpu call from drawterm
plumber
auth/factotum
upas/fs -lb >$home/log/upasfs.log>[2=1]
exec rio
}
- erik
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 8:35 ` Martin Neubauer
2007-10-23 11:16 ` erik quanstrom
@ 2007-10-23 19:34 ` Lyndon Nerenberg
2007-10-23 19:38 ` andrey mirtchovski
1 sibling, 1 reply; 17+ messages in thread
From: Lyndon Nerenberg @ 2007-10-23 19:34 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
On 2007-Oct-23, at 01:35 , Martin Neubauer wrote:
> I might be missing something obvious, though.
At this point you're best off putting a packet sniffer on the wire
and taking a look to see what is really happening (or not happening).
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 19:34 ` Lyndon Nerenberg
@ 2007-10-23 19:38 ` andrey mirtchovski
0 siblings, 0 replies; 17+ messages in thread
From: andrey mirtchovski @ 2007-10-23 19:38 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
> At this point you're best off putting a packet sniffer on the wire
> and taking a look to see what is really happening (or not happening).
...then let us know what happened so we can finally have an answer
when google asks to "please describe a situation in which you used
tcpdump to diagnose and solve a network problem" ;)
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 15:16 ` Martin Neubauer
2007-10-23 15:23 ` erik quanstrom
@ 2007-10-23 20:06 ` Tim Wiess
2007-10-23 20:24 ` Martin Neubauer
1 sibling, 1 reply; 17+ messages in thread
From: Tim Wiess @ 2007-10-23 20:06 UTC (permalink / raw)
To: 9fans
> I'm fairly certain that factotum is only started once. As I wrote before,
> connecting to mordor works, so it seems I'm experiencing some peculiarity of
> my plan 9 server that apparrently exhibits some subtle difference between
> cpu and drawterm. Perhaps I should just step back a little. Not running
> factotum is a workaround, but i have the feeling that ignoring the issue
> will come around some day and bite me.
for P9P factotum make sure you have the relevant entries
in $PLAN9/ndb/local.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 20:06 ` Tim Wiess
@ 2007-10-23 20:24 ` Martin Neubauer
2007-10-23 20:33 ` Tim Wiess
0 siblings, 1 reply; 17+ messages in thread
From: Martin Neubauer @ 2007-10-23 20:24 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
* Tim Wiess (tim@nop.cx) wrote:
> for P9P factotum make sure you have the relevant entries
> in $PLAN9/ndb/local.
That did it. Mordor worked, obviously, because the entry is already there by
default. Embarrassing, isn't it?
Thank you all,
Martin
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 20:24 ` Martin Neubauer
@ 2007-10-23 20:33 ` Tim Wiess
0 siblings, 0 replies; 17+ messages in thread
From: Tim Wiess @ 2007-10-23 20:33 UTC (permalink / raw)
To: 9fans
> * Tim Wiess (tim@nop.cx) wrote:
>> for P9P factotum make sure you have the relevant entries
>> in $PLAN9/ndb/local.
>
> That did it. Mordor worked, obviously, because the entry is already there by
> default. Embarrassing, isn't it?
great.
some of the references in the man page need to be updated to
reflect the P9P environment vs straight Plan 9, but the text for
-a pretty much explains it.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [9fans] drawterm authentication failure
2007-10-23 13:20 ` Martin Neubauer
2007-10-23 13:40 ` erik quanstrom
@ 2007-10-24 9:55 ` johnny
1 sibling, 0 replies; 17+ messages in thread
From: johnny @ 2007-10-24 9:55 UTC (permalink / raw)
To: 9fans
yes, it seems factotum (p9p, i haven't had the chance of having two plan9 machines, which is really sad in itself) needs the authdom domain name to be resolvable, I had this problem until I started using the plan9 box as my local dns server (which, by the way is really really awesomly easy). an edit in /etc/hosts on linux is kindof a hack...doesn't scale, but it helps too.
Cheers
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2007-10-24 9:55 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-10-22 21:26 [9fans] drawterm authentication failure Martin Neubauer
2007-10-22 21:33 ` andrey mirtchovski
2007-10-22 22:12 ` Martin Neubauer
2007-10-22 22:22 ` erik quanstrom
2007-10-23 8:35 ` Martin Neubauer
2007-10-23 11:16 ` erik quanstrom
2007-10-23 19:34 ` Lyndon Nerenberg
2007-10-23 19:38 ` andrey mirtchovski
2007-10-23 9:28 ` sqweek
2007-10-23 13:20 ` Martin Neubauer
2007-10-23 13:40 ` erik quanstrom
2007-10-23 15:16 ` Martin Neubauer
2007-10-23 15:23 ` erik quanstrom
2007-10-23 20:06 ` Tim Wiess
2007-10-23 20:24 ` Martin Neubauer
2007-10-23 20:33 ` Tim Wiess
2007-10-24 9:55 ` johnny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).