From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: From: "Russ Cox" To: 9fans@cse.psu.edu Subject: RE: [9fans] Auth problems (again?) MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Date: Fri, 20 Sep 2002 01:03:00 -0400 Topicbox-Message-UUID: f080c488-eaca-11e9-9e20-41e7f4b1d025 Try updating from sources again. It will pick up a new program called auth/debug. Run auth/debug. It asks for your local user password as well as the cpu hostowner name and password. It uses these to check that your auth server is dialable and that it's giving out correct tickets (which means it agrees with you about those passwords). The idea is that auth/debug will accumulate more such sanity checks as time goes on. For example, in my fairly complicated setup (three p9sk1 domains), running auth/debug yields: g% grep p9sk1 /mnt/factotum/ctl key dom=cs.bell-labs.com proto=p9sk1 user=rsc !password? key dom=outside.plan9.bell-labs.com proto=p9sk1 user=bozo !password? key dom=insideout.plan9.bell-labs.com proto=p9sk1 role=speakfor user=glenda !password? g% auth/debug p9sk1 key: dom=cs.bell-labs.com proto=p9sk1 user=rsc !password? successfully dialed auth server password for rsc@cs.bell-labs.com [hit enter to skip test]: ticket request using rsc@cs.bell-labs.com key succeeded cpu server owner for domain cs.bell-labs.com [bootes]: password for bootes@cs.bell-labs.com [hit enter to skip test]: ticket request using bootes@cs.bell-labs.com key succeeded p9sk1 key: dom=outside.plan9.bell-labs.com proto=p9sk1 user=bozo !password? successfully dialed auth server password for bozo@outside.plan9.bell-labs.com [hit enter to skip test]: ticket request using bozo@outside.plan9.bell-labs.com key succeeded cpu server owner for domain outside.plan9.bell-labs.com [bootes]: glenda password for glenda@outside.plan9.bell-labs.com [hit enter to skip test]: ticket request using glenda@outside.plan9.bell-labs.com key succeeded p9sk1 key: dom=insideout.plan9.bell-labs.com proto=p9sk1 role=speakfor user=glenda !password? cannot dial auth server: no auth server found for insideout.plan9.bell-labs.com csquery authdom=insideout.plan9.bell-labs.com auth=* failed csquery dom=insideout.plan9.bell-labs.com auth='' dial net!!ticket failed: cs: can't translate address g% The first two sections are examples of domains that worked: I have cs.bell-labs.com (used by plan9.bell-labs.com) and outside.plan9.bell-labs.com (used by sources) set up correctly. In the third, auth/debug flags the fact that it can't figure out the auth server for the domain and thus can't dial it. (That's okay because there is no auth server, but this is a degenerate case.) Let me know what you get when you run auth/debug and we'll go from there. Russ