9fans - fans of the OS Plan 9 from Bell Labs
From: David Eckhardt <davide+p9@cs.cmu.edu>
To: 9fans@cse.psu.edu
Subject: [9fans] Authentication debugging help?
Date: Tue, 20 Jan 2004 13:40:09 -0500
Message-ID: <9837.1074624009@piper.nectar.cs.cmu.edu>

I'm trying to set up a machine to be a fossil/venti file
server plus auth server (I'll tackle a CPU server later).

What I have working so far:

1. Followed standard installation (9pcf kernel, fossil)
   (This includes finding, I believe, an installer bug,
   which I will be happy to document once I have this
   thing working).

2. Branded fossil & venti information onto their respective
   partitions, took an archival snapshot..that all seems to
   work ok.

3. Built 9pccpuf kernel, edited /rc/bin/cpurc.  This
   appears to boot and work ok.

BUT when I try to boot a second machine from the "boot floppy"
the installer made for me (9pcdisk kernel?), the client panics.
I apologize for having left my notes (including the exact panic
message) home with the machine, but it dies very early and I
wasn't able to match the complaint to anything obvious in the
sources.

So, some questions:

1. The initial chunk of the "Data Base" section of authsrv(6),
discussing /lib/ndb/auth, is confusing me.  The text and
comments seem to suggest that "hostid=bootes" refers to a
machine named "bootes" (though I don't see "hostid" used
in ndb(6) to designate machines, only "dom" and "sys").
In fact, it explicitly says "client host's ID".

But in the "Network Database" section of the Wiki's
"Configuring a standalone CPU_server" page, it says

  "Uncomment the two lines indicated in /lib/ndb/auth
  to say that the cpu server owner is allowed to become
  any other user (given the appropriate credentials)".

This sure sounds like "bootes" is a USER, not a "client
host's ID".  And at the top of that document it says

  "You can decide what name to give your cpu server owner.
  This is the user that all the cpu servers run as. We'll
  name the user 'bootes'; it is recommended that you also
  choose 'bootes' as it will appear in the instructions
  frequently."

Again, here it seems inexorable that "bootes" is a user.
Which way is up?  More to the point, what belongs in my
/lib/ndb/auth file?

2. Can somebody give me some step-by-step suggestions of
things to verify?  Things like "On your fs/auth server you
should have a foo process, which you should see in ps, which
should be offering /mnt/xxx and /srv/xxx and there should be
a /rc/bin/service.auth/ilYYY file and if you "telnet srvname YYY"
the greeting should be "zzz".

3. Likewise, I would appreciate any detailed suggestions about
how to simulate the terminal-booting-from-server process from
an outside machine, things like "boot the installer CD-ROM on
the client, log in as "none", set auth=srvname, run auth/keyfs,
then auth/factotum, ..."

4. From grubbing around on the server, it's not clear that
the secstore daemon is running.  At least I don't see
something in /rc/bin/service.auth or /rc/bin/cpurc which
would start it...or am I overlooking something obvious?
Can fossil on the server authenticate clients without
its factotum (running as bootes) having access to its
key(s)?

Dave Eckhardt

