From mboxrd@z Thu Jan 1 00:00:00 1970 Subject: Re: [9fans] pwd To: 9fans@cse.psu.edu Message-Id: In-Reply-To: <200108151633.MAA07522@augusta.math.psu.edu> From: pac Date: Thu, 16 Aug 2001 16:23:19 +0200 Topicbox-Message-UUID: deaf2386-eac9-11e9-9e20-41e7f4b1d025 >> In article you write: >> >It is a single machine running plan9 in the whole LAN; thus it should >> >serve everything: cpu, file, auth ... Do I have to configure auth >> >services manually? >> >> Well, if it's set up as a terminal, and using the default >> /rc/bin/termrc, then it won't start the auth services, and you'd have >> to configure it otherwise. Likewise with serving kfs. >> >> If it's the only plan 9 machine on the network, you have a chicken and >> egg problem when it boots up; it's the kernel that asks for your >> password and expects to be able to talk to the auth server to validate >> it. But, if you haven't started the auth server, and you clearly >> haven't since you haven't started any user processes yet, it'll have >> nothing to validate against. >> >> CPU servers get around this by either not asking for a password at all >> and having a local KFS file system (started by the kernel) off of which >> they'll start the auth server, or, if talking to a file server, by >> timing out and saying, ``okay, I'll use the key that's in my nvram to >> authenticate myself to the file server....'' (the file server also >> knows it's own key, so that's okay) and then starting up the auth >> server. >> >> Terminals expect that an auth server already is running, and will fail >> to start if they can't get a valid password (unless they're configured >> to start up standalone, using kfs, which again ist started by the >> kernel, in which case we're back where we started, where whatever >> password you enter is essentially meaningless, thus the idea of >> changing it is also meaningless). >> >> Does that make sense? (Other 9fans, did I make any mistakes in my >> description above? Please feel free to correct me; I don't want to >> spread falsehoods out of ignorance. :-) >> >> - Dan C. >> >> Hmm... sounds like there is no way how to authenticate a user on a singlr plan9 machine, am I right?