9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed
From: andrey mirtchovski <mirtchov@cpsc.ucalgary.ca>
To: 9fans@cse.psu.edu
Subject: Re: [9fans]
Date: Sat,  3 Jul 2004 10:37:38 -0600	[thread overview]
Message-ID: <dbf6ecba4e60366df03335b15b1844a8@plan9.ucalgary.ca> (raw)
In-Reply-To: <40E65D6D.4050101@place.org>

that's a long one! let's try step by step :)

> This may sound funny, but can I setup a CPU server, auth server,
> and terminal all on the same system and have it all configure
> itself dynamically based on a DHCP IP address?

there's no reason why not.  the only trick you'll need to take care of
is to configure the ndb properly in case the IP address of the machine
is constantly changing.  it won't be, would it?

so, by following the instructions on the wiki you should do something
like:

	- compile 9pcauth

	- edit /rc/bin/cpurc to dhcp an ip address, start auth/keyfs
	and start rio for the terminal part.

>
> Although my system worked just fine from the gnot install defaults,
> after converting to a cpuserver,  I got this:
>
>     RIO says: aux/vga: mga2164w: can't set mga type
>     rio: can't open display: initdisplpay: /dev/draw/new: no framebuffer
>     init: rc exit status: rc 12: rio 13: display open

copy the 'vga*' lines from /sys/src/9/pc/pcf to the kernel you're
compiling (/sys/src/9/pc/pcauth)

cpu server kernels by default have very few graphics cards compiled in.

> I am unclear what passwords to assign to secstore and
> bootes as I'm setting up the authserver for the first time.
> I'm also unclear what the difference is between bootes
> and other users I might create after this.
>

bootes (or any other user you dedicate as the cpu owner) will control
the resources on a particular machine.  bootes is just a conventional
(?) name bell-labs have adopted -- people in other places have chosen
other names for the cpu owners, and i myself used to boot under my own
user when i had a setup identical to yours (a single machine for
everything).  if you choose a diffferent name and want users to login
edit /lib/ndb/auth appropriately :)

when users log in to a Plan 9 installation their passwords are
verified by an 'auth/keyfs' on the AUTH server of that particular
installation.  those are the 'plan9' passwords.  on the other hand
when a user logs in they may decide to initialize their factotum with
passwords from the secstore.  secstore is just a convenient storage
for secrets (an encrypted file system if you wish) and has no role in
the interaction between machines in an installation.  you won't need a
secstore for your installation to work.

check the /sys/doc/auth.ps paper (also on Bell-Labs' site) for more
detailed information on the secstore/factotum pair.

> Also, SSH fails to connect now that I've rebooted and
> setup bootes as the terminal "owner" (if that's the right term,
> pardon my pun). I figure something must be haywire
> in my authentication (Factotum?). Following instructions at
> http://pages.cpsc.ucalgary.ca/~mirtchov/lanlp9/tips.html
> I figured I should combine both authserver and terminal
> instructions. I get:
>
>     cpu% auth/secstore -p /tmp/factotum
>     can't dial tcp!$auth!5356
>     secstore authentication failed

you'll need to have both auth/secstored and auth/factotum started.
secstored should be started from /rc/bin/cpurc, you can put
'auth/factotum' in your profile or just start it by hand.

also make sure your /lib/ndb/local has an 'auth=' entry for the subnet
you're in, here's an example:

	ipnet=hidden ip=192.168.0.0 ipmask=255.255.0.0
		proto=tcp
		cpu=plan9.ucalgary.ca
		fs=plan9.ucalgary.ca
		auth=plan9.ucalgary.ca
		authdom=plan9.ucalgary.ca
		dns=136.159.5.14
		dns=136.159.5.15

>
> Out of curiosity, I tried to do a pull to update my system.
> That didn't work, either. I was running as bootes connected
> through drawterm:
>
> cpu% /usr/glenda/bin/rc/pull
> post...
> srv tcp!sources.cs.bell-labs.com!9fs: mount failed: authentication failed
> bind: /n/sources/plan9: '/n/sources/plan9' does not exist
> servermount: bind 363: bind
> cpu% 9fs sources
> srv tcp!sources.cs.bell-labs.com: mount failed: authentication failed

that would indicate you have no auth/factotum started.


>
> I apologize for asking so many questions at once, but there
> doesn't seem to be a true cookbook recipe posted on just
> how to do this with all the obvious steps included for mortals
> like me.

it's like riding a bycicle -- once you do it you'll always know how
it's done :)

you're welcome to write a howto from your perspective (once everything
is done) and we'll put it on the wiki :)


> By the way, can I reboot a system from drawterm and how would I
> do that?

echo reboot > /dev/reboot

good luck: andrey



  reply	other threads:[~2004-07-03 16:37 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-06-25 17:30 [9fans] which register is used as FP on the x86 ron minnich
2004-06-25 17:53 ` rog
2004-06-26 11:56   ` Andrew Lynch
2004-06-26 12:35     ` Latchesar Ionkov
2004-06-26 12:35     ` Charles Forsyth
2004-06-26 14:27   ` Latchesar Ionkov
2004-06-26 17:31     ` Charles Forsyth
2004-07-03  7:17 ` [9fans] cpuserver: dhcp for authsrv, rio, users, ssh, factotum, pull Stephen Wynne
2004-07-03 16:37   ` andrey mirtchovski [this message]
2004-07-05  4:06     ` [9fans] Stephen Wynne
2004-07-05 17:23       ` [9fans] andrey mirtchovski
2004-07-05 20:33       ` [9fans] Eric Grosse
  -- strict thread matches above, loose matches on Subject: below --
2023-05-10 22:33 [9fans] Romano
2023-05-10 23:51 ` [9fans] Dan Cross
2023-04-21 13:33 [9fans] Thaddeus Woskowiak
2023-04-27 23:13 ` [9fans] Lyndon Nerenberg (VE7TFX/VE6BBM)
2020-10-21  0:17 Steve Simon
2020-10-21  3:45 ` [9fans] Lucio De Re
2013-04-09  0:12 [9fans] [ Ashish Raste
2006-11-14  3:23 [9fans] Creating a custom jmp_buf; libthread implementation question Joel Salomon
2006-11-14  5:44 ` [9fans] Skip Tavakkolian
2006-01-05 19:50 [9fans] marina
2006-01-05 20:34 ` [9fans] andrey mirtchovski
2004-07-20  8:36 [9fans] ÊÀ½ç×î¾ß¹æÄ£µÄ¹âµçÕ¹ÀÀ»á³ÏÑûÄúµÄ²ÎÓ룡 €й€€ⲩ€€_€Ź€ӡ
2001-08-23  2:41 [9fans] usb floppy Boyd Roberts
2001-08-23  3:52 ` [9fans] :) andrey mirtchovski
1997-10-17 16:07 [9fans] Scott
1997-10-17 12:27 [9fans] Boyd
1997-10-17  9:40 [9fans] Steve_Kilbane
1997-10-17  8:51 [9fans] Lucio
1997-10-17  8:00 [9fans] Boyd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dbf6ecba4e60366df03335b15b1844a8@plan9.ucalgary.ca \
    --to=mirtchov@cpsc.ucalgary.ca \
    --cc=9fans@cse.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).