From: pac <cej@cejchan.gli.cas.cz>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] pwd
Date: Thu, 16 Aug 2001 16:23:19 +0200 [thread overview]
Message-ID: <cej-1010816162318.A01284@cejchan.gli.cas.cz> (raw)
In-Reply-To: <200108151633.MAA07522@augusta.math.psu.edu>
>> In article <cej-1010815163141.A02421@cejchan.gli.cas.cz> you write:
>> >It is a single machine running plan9 in the whole LAN; thus it should
>> >serve everything: cpu, file, auth ... Do I have to configure auth
>> >services manually?
>>
>> Well, if it's set up as a terminal, and using the default
>> /rc/bin/termrc, then it won't start the auth services, and you'd have
>> to configure it otherwise. Likewise with serving kfs.
>>
>> If it's the only plan 9 machine on the network, you have a chicken and
>> egg problem when it boots up; it's the kernel that asks for your
>> password and expects to be able to talk to the auth server to validate
>> it. But, if you haven't started the auth server, and you clearly
>> haven't since you haven't started any user processes yet, it'll have
>> nothing to validate against.
>>
>> CPU servers get around this by either not asking for a password at all
>> and having a local KFS file system (started by the kernel) off of which
>> they'll start the auth server, or, if talking to a file server, by
>> timing out and saying, ``okay, I'll use the key that's in my nvram to
>> authenticate myself to the file server....'' (the file server also
>> knows it's own key, so that's okay) and then starting up the auth
>> server.
>>
>> Terminals expect that an auth server already is running, and will fail
>> to start if they can't get a valid password (unless they're configured
>> to start up standalone, using kfs, which again ist started by the
>> kernel, in which case we're back where we started, where whatever
>> password you enter is essentially meaningless, thus the idea of
>> changing it is also meaningless).
>>
>> Does that make sense? (Other 9fans, did I make any mistakes in my
>> description above? Please feel free to correct me; I don't want to
>> spread falsehoods out of ignorance. :-)
>>
>> - Dan C.
>>
>>
Hmm... sounds like there is no way how to authenticate a user on a singlr plan9 machine, am I right?
next prev parent reply other threads:[~2001-08-16 14:23 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-08-14 11:40 pac
2001-08-14 14:48 ` Dan Cross
2001-08-15 14:31 ` pac
2001-08-15 16:33 ` Dan Cross
2001-08-15 16:44 ` Lucio De Re
2001-08-15 17:55 ` Dan Cross
2001-08-16 14:23 ` pac [this message]
2001-08-17 16:04 ` Dan Cross
2001-08-14 16:22 Russ Cox
2001-08-15 14:26 ` pac
2001-08-16 1:05 forsyth
2001-08-17 16:47 forsyth
2001-08-17 17:59 ` Dan Cross
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cej-1010816162318.A01284@cejchan.gli.cas.cz \
--to=cej@cejchan.gli.cas.cz \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).