Re: [9fans] Drawterm vs Autentication Server

Re: [9fans] Drawterm vs Autentication Server

[presotto]

There's nothing special about the auth server except for who knows
that its the auth server.  You can always start auth/keyfs and run
aux/listen -t /rc/bin/service.auth on any machine and transform it
into an auth server.

If you want no authentication, you can change both cpu and drawterm.  If
you look closely at the cpu command, you'll see that it negotiates
authentication mechanism.  If you change cpu.c and drawterm.c to allow
a null authentication mechanism, you'll have what you want.  Look at
authmethod in both programs.

Re: [9fans] Drawterm vs Authentication Server

[Alexander Povolotsky]

I was under the impression (per following e-mail, I am attaching below ),
that on the
terminal Plan 9 machine, there will be a problem with running keyfs. in
regards to readable /dev/key........

-----Original Message-----
From: Russ Cox [mailto:rsc@plan9.bell-labs.com]
Sent: Wednesday, April 18, 2001 10:18 AM
To: ap80@lucent.com
Subject: RE: FW: drawterm connection failure


You need to set up an authentication server.
That's a bit more complex.  You need to start
by running auth/keyfs (see the man page) and
then adding users with auth/changeuser.

To run the keyfs, though, you need to
have a readable /dev/key (normally found only
on cpu servers).

The easiest way to do this
is build a new kernel.  Specifically, edit /sys/src/9/port/auth.c,
and in the keyread() function change

 if(!cpuserver || !iseve())
  error(Eperm);

to

 if(!iseve())
  error(Eperm);

and then rebuild your kernel.

Russ

<presotto@plan9.bell-labs.com> wrote in message
news:20010424123215.A0CC919AEA@mail.cse.psu.edu...
> There's nothing special about the auth server except for who knows
> that its the auth server.  You can always start auth/keyfs and run
> aux/listen -t /rc/bin/service.auth on any machine and transform it
> into an auth server.
>
> If you want no authentication, you can change both cpu and drawterm.  If
> you look closely at the cpu command, you'll see that it negotiates
> authentication mechanism.  If you change cpu.c and drawterm.c to allow
> a null authentication mechanism, you'll have what you want.  Look at
> authmethod in both programs.

Re: [9fans] Drawterm vs Authentication Server

[Jonathan Sergent]

> I was under the impression (per following e-mail, I am attaching below ),
> that on the
> terminal Plan 9 machine, there will be a problem with running keyfs. in
> regards to readable /dev/key........

It'll prompt you for the key at startup.  I have done this.  It
works just fine (cpu, drawterm, ssh, telnet, etc.).

Rebuilding the kernel is not hard, nor does it take very long.

Re: [9fans] Drawterm vs Authentication Server

[Alexander Povolotsky]

I decided to try for user "bootes" - may be I am still missing something or
doing wrong -
I am getting the following message when changing to user bootes and
providing the password
 now on the "drawterm" side:
" ?AS protocol botch: file does not exist"

What is the meaning of this "cryptic" message ?

"Jonathan Sergent" <sergent@io.com> wrote in message
news:E14s5zx-00093a-00@c61066-a.frmt1.sfba.home.com...
> > I was under the impression (per following e-mail, I am attaching
below ),
> > that on the
> > terminal Plan 9 machine, there will be a problem with running keyfs. in
> > regards to readable /dev/key........
>
> It'll prompt you for the key at startup.  I have done this.  It
> works just fine (cpu, drawterm, ssh, telnet, etc.).
>
> Rebuilding the kernel is not hard, nor does it take very long.

Re: [9fans] Drawterm vs Authentication Server

[forsyth]

>>I was under the impression (per following e-mail, I am attaching below ),
>>that on the
>>terminal Plan 9 machine, there will be a problem with running keyfs. in
>>regards to readable /dev/key........

% auth/keyfs -p
Password:
22 keys read
% ls /mnt/keys
/mnt/keys/baldwin
/mnt/keys/bootes
/mnt/keys/chris
/mnt/keys/dla
/mnt/keys/forsyth
/mnt/keys/glenda
	...

i suppose i could run aux/listen ... in this space.

i thought that authfs might help generate special versions
of the auth files but it might not matter in this case.