* [9fans] auth change? / auth for u9fs on a mac
@ 2011-07-04 11:53 Steve Simon
2011-07-04 12:14 ` Yaroslav
2011-07-04 19:36 ` Anthony Sorace
0 siblings, 2 replies; 3+ messages in thread
From: Steve Simon @ 2011-07-04 11:53 UTC (permalink / raw)
To: 9fans
This is probably my finger trouble but just in
case I am not going mad and sothing has changed
in the last couple of months...
I have a mac running u9fs (marlin).
I don't like the idea of putting bootes password in /etc on the
mac so I give it its own host owner and secret
$ cat /etc/u9fs.conf
random-secret
mac-owner
home.quintile.net
then I have a factotum key of the form:
hugo% grep mac-owner /mnt/factotum/ctl
key proto=p9sk1 dom=home.quintile.net user=mac-owner !password?
I am pretty sure this has worked for several years but now it is broken:
hugo% srv -m marlin
post...
srv net!marlin!9fs: mount failed: authentication failed
This should work shouldn't it?
Is there another way to do this? I tried adding another
clause to my secstore with a server=marlin tuple hoping that this
would be chosen in preference to my default p9sk1 key but it didn't
seem to work either.
how do peple do this? Are you all happy to sprinkle bootes
key onto unix machines (hard to believe)?
-Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9fans] auth change? / auth for u9fs on a mac
2011-07-04 11:53 [9fans] auth change? / auth for u9fs on a mac Steve Simon
@ 2011-07-04 12:14 ` Yaroslav
2011-07-04 19:36 ` Anthony Sorace
1 sibling, 0 replies; 3+ messages in thread
From: Yaroslav @ 2011-07-04 12:14 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
> I am pretty sure this has worked for several years but now it is broken:
Has mac-owner's key been expired in your auth keyfs?
>Are you all happy to sprinkle bootes key onto unix machines (hard to believe)?
negative: the credentials you put in /etc/u9fs.key represent the
service, not a client. A client may be any valid user registered in
the AS. U9fs uses its key to decrypt tickets issued by the AS to
clients.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [9fans] auth change? / auth for u9fs on a mac
2011-07-04 11:53 [9fans] auth change? / auth for u9fs on a mac Steve Simon
2011-07-04 12:14 ` Yaroslav
@ 2011-07-04 19:36 ` Anthony Sorace
1 sibling, 0 replies; 3+ messages in thread
From: Anthony Sorace @ 2011-07-04 19:36 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
I do what you describe on several macs; it works fine. I haven't updated in a while, but what your describing is my understanding of the standard way to use p9any auth with u9fs. I use a special user created for this purpose as well.
On Jul 4, 2011, at 4:53, "Steve Simon" <steve@quintile.net> wrote:
> This is probably my finger trouble but just in
> case I am not going mad and sothing has changed
> in the last couple of months...
>
> I have a mac running u9fs (marlin).
>
> I don't like the idea of putting bootes password in /etc on the
> mac so I give it its own host owner and secret
>
> $ cat /etc/u9fs.conf
> random-secret
> mac-owner
> home.quintile.net
>
> then I have a factotum key of the form:
>
> hugo% grep mac-owner /mnt/factotum/ctl
> key proto=p9sk1 dom=home.quintile.net user=mac-owner !password?
>
> I am pretty sure this has worked for several years but now it is broken:
>
> hugo% srv -m marlin
> post...
> srv net!marlin!9fs: mount failed: authentication failed
>
> This should work shouldn't it?
>
> Is there another way to do this? I tried adding another
> clause to my secstore with a server=marlin tuple hoping that this
> would be chosen in preference to my default p9sk1 key but it didn't
> seem to work either.
>
> how do peple do this? Are you all happy to sprinkle bootes
> key onto unix machines (hard to believe)?
>
> -Steve
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-07-04 19:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-04 11:53 [9fans] auth change? / auth for u9fs on a mac Steve Simon
2011-07-04 12:14 ` Yaroslav
2011-07-04 19:36 ` Anthony Sorace
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).