* [9fans] Authenticated mounts from non-plan9 systems
@ 2007-10-30 11:05 johnny
2007-10-30 13:44 ` Eric Van Hensbergen
2007-10-30 14:08 ` Anthony Sorace
0 siblings, 2 replies; 8+ messages in thread
From: johnny @ 2007-10-30 11:05 UTC (permalink / raw)
To: 9fans
Hi eveyone!
I've been a fan of plan9 for quite a while, using it whenever I had a machine that would run it.
Now I have a small network of machines at home, with one plan9 auth+cpu+fs server (yeah, I know that's not much, but I don't have any more hardware that would run it).
I'd like to be able to mount the exports on that machine to other machines (mostly linux): I've been able to get a non-authenticated mount via p9p, but I can't seem to be able to get an authenticated mount. srv says there is no authentication needed. I was wondering if this was a p9p limitation or wether my cpu+auth+fs server was missing something, or if I was doing something wrong.
Here is how I am mounting it right now:
$ srv -a sorosj.hd.free.fr
rx: exportfs: authentication not required
so there is no authentication, though I can do
$ 9 mount `namespace`/sorosj.hd.free.fr /tmp/tmp
and then I can see my root, but I can't write to it. This is regardless of wether I supply mount with authentication parameters or not (eg. -o user=$USER,....,proto=UNIX )
Any help would be greatly appreaciated.
Thanks!
Johnny
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-30 11:05 [9fans] Authenticated mounts from non-plan9 systems johnny
@ 2007-10-30 13:44 ` Eric Van Hensbergen
2007-10-31 9:54 ` johnny
2007-10-30 14:08 ` Anthony Sorace
1 sibling, 1 reply; 8+ messages in thread
From: Eric Van Hensbergen @ 2007-10-30 13:44 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
On 10/30/07, johnny@sorosj.hd.free.fr <johnny@sorosj.hd.free.fr> wrote:
> Hi eveyone!
> I've been a fan of plan9 for quite a while, using it whenever I had a machine that would run it.
> Now I have a small network of machines at home, with one plan9 auth+cpu+fs server (yeah, I know that's not much, but I don't have any more hardware that would run it).
> I'd like to be able to mount the exports on that machine to other machines (mostly linux): I've been able to get a non-authenticated mount via p9p, but I can't seem to be able to get an authenticated mount. srv says there is no authentication needed. I was wondering if this was a p9p limitation or wether my cpu+auth+fs server was missing something, or if I was doing something wrong.
> Here is how I am mounting it right now:
> $ srv -a sorosj.hd.free.fr
> rx: exportfs: authentication not required
>
> so there is no authentication, though I can do
> $ 9 mount `namespace`/sorosj.hd.free.fr /tmp/tmp
>
> and then I can see my root, but I can't write to it. This is regardless of wether I supply mount with authentication parameters or not (eg. -o user=$USER,....,proto=UNIX )
> Any help would be greatly appreaciated.
If this is using v9fs under the hood, I believe you'll need to supply
uid/gid parameters as well as authentication. Non-9p2000.u mounts
(ie. mounting p9p apps or plan9) don't have uid mapping.
Otherwise turn on debug (-o debug=0xff) and send a trace to
v9fs-developer and we'll see if can figure out what is going on.
-eric
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-30 11:05 [9fans] Authenticated mounts from non-plan9 systems johnny
2007-10-30 13:44 ` Eric Van Hensbergen
@ 2007-10-30 14:08 ` Anthony Sorace
2007-10-31 9:55 ` johnny
1 sibling, 1 reply; 8+ messages in thread
From: Anthony Sorace @ 2007-10-30 14:08 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
How are you exporting things from you Plan 9 system? It doesn't sound
to me like your server is expecting authentication, as if you're
running exportfs without -a.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-30 13:44 ` Eric Van Hensbergen
@ 2007-10-31 9:54 ` johnny
0 siblings, 0 replies; 8+ messages in thread
From: johnny @ 2007-10-31 9:54 UTC (permalink / raw)
To: 9fans
Well, I think the problem is that srv tells me that authentication is not required, for the mount line, it doesn't matter what options I give mount.
Cheers
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-30 14:08 ` Anthony Sorace
@ 2007-10-31 9:55 ` johnny
2007-10-31 10:05 ` johnny
0 siblings, 1 reply; 8+ messages in thread
From: johnny @ 2007-10-31 9:55 UTC (permalink / raw)
To: 9fans
I am not sure where it is I should be running it, but my guess is it's somewhere in /rc/bin/service or service.auth, I'll look into it, I have a feeling that this is going to be the key.
Thanks!
Johnny
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-31 9:55 ` johnny
@ 2007-10-31 10:05 ` johnny
2007-10-31 11:15 ` Russ Cox
0 siblings, 1 reply; 8+ messages in thread
From: johnny @ 2007-10-31 10:05 UTC (permalink / raw)
To: 9fans
Well, I tried to find the place where exportfs should go, I did
grep exportfs *
in /rc/bin/services, this found 4 matches, 2 of which are il and disabled, the two other are tcp17007 (cpu, iirc), and tcp564.
tcp17007:exec /bin/exportfs -a -A $netdir
tcp564:exec /bin/exportfs -s
So I guess /rc/bin/service/tcp564 (9fs) should be
exec /bin/exportfs -s -a
?
Cheers
Johnny
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-31 10:05 ` johnny
@ 2007-10-31 11:15 ` Russ Cox
2007-10-31 11:18 ` johnny
0 siblings, 1 reply; 8+ messages in thread
From: Russ Cox @ 2007-10-31 11:15 UTC (permalink / raw)
To: 9fans
> Well, I tried to find the place where exportfs should go, I did
> grep exportfs *
> in /rc/bin/services, this found 4 matches, 2 of which are il and disabled, the two other are tcp17007 (cpu, iirc), and tcp564.
> tcp17007:exec /bin/exportfs -a -A $netdir
> tcp564:exec /bin/exportfs -s
> So I guess /rc/bin/service/tcp564 (9fs) should be
> exec /bin/exportfs -s -a
Actually I don't believe there are any flags you can give
to exportfs that will make it authenticate during 9p using
Tauth/Rauth. Exportfs -a will run authentication before
starting 9P, not during 9P. This has the added benefit of
establishing a shared secret that will be used to encrypt
the connection with SSL.
If you want authentication during 9P, your best bet is
probably to use the fossil console `listen' command
to make fossil announce to the network directly.
Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] Authenticated mounts from non-plan9 systems
2007-10-31 11:15 ` Russ Cox
@ 2007-10-31 11:18 ` johnny
0 siblings, 0 replies; 8+ messages in thread
From: johnny @ 2007-10-31 11:18 UTC (permalink / raw)
To: 9fans
[-- Attachment #1: Type: text/plain, Size: 106 bytes --]
Ah okay, I understand.
So I should add a listen command to the fossil config, I guess?
Thanks!
Johnny
[-- Attachment #2: Type: message/rfc822, Size: 3113 bytes --]
From: "Russ Cox" <rsc@swtch.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Authenticated mounts from non-plan9 systems
Date: Wed, 31 Oct 2007 07:15:10 -0400
Message-ID: <20071031111511.B62C21E8C22@holo.morphisms.net>
> Well, I tried to find the place where exportfs should go, I did
> grep exportfs *
> in /rc/bin/services, this found 4 matches, 2 of which are il and disabled, the two other are tcp17007 (cpu, iirc), and tcp564.
> tcp17007:exec /bin/exportfs -a -A $netdir
> tcp564:exec /bin/exportfs -s
> So I guess /rc/bin/service/tcp564 (9fs) should be
> exec /bin/exportfs -s -a
Actually I don't believe there are any flags you can give
to exportfs that will make it authenticate during 9p using
Tauth/Rauth. Exportfs -a will run authentication before
starting 9P, not during 9P. This has the added benefit of
establishing a shared secret that will be used to encrypt
the connection with SSL.
If you want authentication during 9P, your best bet is
probably to use the fossil console `listen' command
to make fossil announce to the network directly.
Russ
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2007-10-31 11:18 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-10-30 11:05 [9fans] Authenticated mounts from non-plan9 systems johnny
2007-10-30 13:44 ` Eric Van Hensbergen
2007-10-31 9:54 ` johnny
2007-10-30 14:08 ` Anthony Sorace
2007-10-31 9:55 ` johnny
2007-10-31 10:05 ` johnny
2007-10-31 11:15 ` Russ Cox
2007-10-31 11:18 ` johnny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).