9fans - fans of the OS Plan 9 from Bell Labs
From: "Tiit Lankots" <t.lankots@aprote.ee>
To: <9fans@cse.psu.edu>
Subject: RE: [9fans] auth on terminal
Date: Thu, 25 Mar 2004 18:16:17 +0200
Message-ID: <81132473206F3A46A72BD6116E1A06AE056177@black.aprote.com>



> -----Original Message-----
> From: 9fans-admin@cse.psu.edu 
> [mailto:9fans-admin@cse.psu.edu]On Behalf Of 
> plan9fans@ntlworld.nospam.com
> Sent: Thursday, March 25, 2004 5:45 PM
> To: 9fans@cse.psu.edu
> Subject: [9fans] auth on terminal
> 
> 
> Thanks for the help guys but I'm still not there.
> 
> >...then your factotums are nonpersistent.
> My factotum's state is sort-of persistent as I run 
> 	auth/aescbc -d < /n/cdrom/secrets | read -m > /mnt/factotum/ctl
> in my profile to populate it.
> 
> > ...keyfs and authsrv in the same namespace,
> During my attempts to run auth/keyfs it was in the same namespace
> as aux/listen, they were started on the command line in a Rio window.
> 
> >...nvram setup + factotum -S should solve your problems.
> If I run factotum -S and populate it then I guess it would stop
> the password prompts from behind rio (I have not tried, see below).
> 
> > ..-- auth/debug is your friend
> If I don't run the authserver then auth/debug says I have a problem,
> however if I do run the auth server it is happy, on both systems. 
> 
> However I now think I don't need an auth server as all I want
> is a direct connection between two machines, both running as me.
> 
> I tried turning on factotum's debug but the issue wasn't "obvious"
> Again I did:
> 
> 	cpu -h paris
> 	!Adding key: proto=p9sk1 dom=quintile.net
> 	user[steve]: 
> 	!Adding key: proto=p9sk1 dom=quintile.net
> 	user[steve]: 
> 	...
> 
> Factotum debug from larch
> 
Whaddayaknow, man pages + source can be really informative :)

It turns out that factotum is not used on the auth server at all. 
Authsrv uses keyfs to get to its auth data.
Keyfs database (/adm/keys) is encrypted with the server's key,
stored in nvram.

So you'll need to
1. auth/wrkey (if you don't want to type a password each startup), or
2. run auth/keyfs -p in termrc (this prompts for password)

The 'Configuring a Standalone CPU Server' page in Wiki gives a 
decent rundown.

