From mboxrd@z Thu Jan 1 00:00:00 1970
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [9fans] auth on terminal
Message-ID: <81132473206F3A46A72BD6116E1A06AE056177@black.aprote.com>
From: "Tiit Lankots"
To: <9fans@cse.psu.edu>
Date: Thu, 25 Mar 2004 18:16:17 +0200
Topicbox-Message-UUID: 42a518d4-eacd-11e9-9e20-41e7f4b1d025

> -----Original Message-----
> From: 9fans-admin@cse.psu.edu
> [mailto:9fans-admin@cse.psu.edu]On Behalf Of
> plan9fans@ntlworld.nospam.com
> Sent: Thursday, March 25, 2004 5:45 PM
> To: 9fans@cse.psu.edu
> Subject: [9fans] auth on terminal
>
>
> Thanks for the help guys but I'm still not there.
>
> >...then your factotums are nonpersistent.
> My factotum's state is sort-of persistent as I run
> auth/aescbc -d < /n/cdrom/secrets | read -m > /mnt/factotum/ctl
> in my profile to populate it.
>
> > ...keyfs and authsrv in the same namespace,
> During my attempts to run auth/keyfs it was in the same namespace
> as aux/listen, they were started on the command line in a Rio window.
>
> >...nvram setup + factotum -S should solve your problems.
> If I run factotum -S and populate it then I guess it would stop
> the password prompts from behind rio (I have not tried, see below).
>
> > ..-- auth/debug is your friend
> If I don't run the authserver then auth/debug says I have a problem,
> however if I do run the auth server it is happy, on both systems.
>
> However I now think I don't need an auth server as all I want
> is a direct connection between two machines, both running as me.
>
> I tried turning on factotum's debug but the issue wasn't "obvious"
> Again I did:
>
> cpu -h paris
> !Adding key: proto=p9sk1 dom=quintile.net
> user[steve]:
> !Adding key: proto=p9sk1 dom=quintile.net
> user[steve]:
> ...
>
> Factotum debug from larch
>

Whaddayaknow, man pages + source can be really informative :)

It turns out that factotum is not used on the auth server at all.
Authsrv uses keyfs to get to its auth data. Keyfs database (/adm/keys)
is encrypted with the server's key, stored in nvram. So you'll need to

1. auth/wrkey (if you don't want to type a password each startup), or
2. run auth/keyfs -p in termrc (this prompts for password)

The 'Configuring a Standalone CPU Server' page in Wiki gives a
decent rundown.