[9fans] auth change? / auth for u9fs on a mac

[9fans] auth change? / auth for u9fs on a mac

[Steve Simon]

This is probably my finger trouble but just in
case I am not going mad and sothing has changed
in the last couple of months...

I have a mac running u9fs (marlin).

I don't like the idea of putting bootes password in /etc on the
mac so I give it its own host owner and secret

	$ cat /etc/u9fs.conf
		random-secret
		mac-owner
		home.quintile.net

then I have a factotum key of the form:

	hugo% grep mac-owner /mnt/factotum/ctl
		key proto=p9sk1 dom=home.quintile.net user=mac-owner !password?

I am pretty sure this has worked for several years but now it is broken:

	hugo% srv -m marlin
	post...
	srv net!marlin!9fs: mount failed: authentication failed

This should work shouldn't it?

Is there another way to do this? I tried adding another
clause to my secstore with a server=marlin tuple hoping that this
would be chosen in preference to my default p9sk1 key but it didn't
seem to work either.

how do peple do this? Are you all happy to sprinkle bootes
key onto unix machines (hard to believe)?

-Steve

Re: [9fans] auth change? / auth for u9fs on a mac

[Yaroslav]

> I am pretty sure this has worked for several years but now it is broken:

Has mac-owner's key been expired in your auth keyfs?

>Are you all happy to sprinkle bootes key onto unix machines (hard to believe)?

negative: the credentials you put in /etc/u9fs.key represent the
service, not a client. A client may be any valid user registered in
the AS. U9fs uses its key to decrypt tickets issued by the AS to
clients.

Re: [9fans] auth change? / auth for u9fs on a mac

[Anthony Sorace]

I do what you describe on several macs; it works fine. I haven't updated in a while, but what your describing is my understanding of the standard way to use p9any auth with u9fs. I use a special user created for this purpose as well.

On Jul 4, 2011, at 4:53, "Steve Simon" <steve@quintile.net> wrote:

> This is probably my finger trouble but just in
> case I am not going mad and sothing has changed
> in the last couple of months...
> 
> I have a mac running u9fs (marlin).
> 
> I don't like the idea of putting bootes password in /etc on the
> mac so I give it its own host owner and secret
> 
>    $ cat /etc/u9fs.conf
>        random-secret
>        mac-owner
>        home.quintile.net
> 
> then I have a factotum key of the form:
> 
>    hugo% grep mac-owner /mnt/factotum/ctl
>        key proto=p9sk1 dom=home.quintile.net user=mac-owner !password?
> 
> I am pretty sure this has worked for several years but now it is broken:
> 
>    hugo% srv -m marlin
>    post...
>    srv net!marlin!9fs: mount failed: authentication failed
> 
> This should work shouldn't it?
> 
> Is there another way to do this? I tried adding another
> clause to my secstore with a server=marlin tuple hoping that this
> would be chosen in preference to my default p9sk1 key but it didn't
> seem to work either.
> 
> how do peple do this? Are you all happy to sprinkle bootes
> key onto unix machines (hard to believe)?
> 
> -Steve