Re: [9fans] authdom

Re: [9fans] authdom

[Russ Cox]

I _think_ (and I am far from certain) that if you
invalidate the nvram on the floppy (echo blah blah blah >plan9.nvr)
then you will be reprompted.

What I am uncertain about is whether the nvram holds
anything other than the auth data (like the fs config!).
Assuming it does not (I think the fs config is on the
first block of the first disk in your fs) then this
will work fine.

Ditto for the cpu servers, except there I'm certain
that the only data in the nvram is auth info.

After invalidating the nvram, you'll be prompted
for new information when you boot.  Then you can
specify a different auth domain, auth user, etc.

Perhaps someone more familiar with the file server will
correct me or confirm that the nvram has only auth
data in it.

Russ

Re: [9fans] authdom

[Geoff Collyer]

instead of typing "config" and retyping your entire fs configuration,
you should be able to use the undocumented "nvram" command to just
name the device holding the configuration block.  So if you once typed

	config w0

you should be able to recover that entire configuration by typing

	nvram w0

Re: [9fans] authdom

[forsyth]

[-- Attachment #1: Type: text/plain, Size: 274 bytes --]

it's the same nvram field that the file server uses to
hold the name of the config block device, but the
cpu/auth server (now) uses to hold the key for secstore.
the 4e auth/wrkey prompts with `secstore key'.
i don't think the old cpu/auth server did anything with it.

[-- Attachment #2: Type: message/rfc822, Size: 3021 bytes --]

To: 9fans@cse.psu.edu
Subject: Re: [9fans] authdom
Date: Thu, 02 May 2002 20:36:52 +0200
Message-ID: <200205021836.g42IaqC26436@zamenhof.cs.utwente.nl>

thanks! I tried on 4e fs and 3e cpu/auth and it worked.
I noticed that auth/wrkey also asks for 'config:'
(with as default [], empty string, to which I just hit return).
Just out of curiosity, what is/was that used for?

Axel -- tried to RTFM, but...

> On cpu/auth servers, run auth/wrkey as the host owner.
> On fs servers, you can use the command 'passwd'.

Re: [9fans] authdom

[Axel Belinfante]

thanks! I tried on 4e fs and 3e cpu/auth and it worked.
I noticed that auth/wrkey also asks for 'config:'
(with as default [], empty string, to which I just hit return).
Just out of curiosity, what is/was that used for?

Axel -- tried to RTFM, but...

> On cpu/auth servers, run auth/wrkey as the host owner.
> On fs servers, you can use the command 'passwd'.

Re: [9fans] authdom

[forsyth]

>>What I am uncertain about is whether the nvram holds
>>anything other than the auth data (like the fs config!).
>>Assuming it does not (I think the fs config is on the
>>first block of the first disk in your fs) then this
>>will work fine.

the nvram on the file server tells which device contains the config block,
so you'll need to re-enter `config' in the file server, but
if you do that, it clears the configuration and you need to provide the whole
configuration again, so the effect is much the same
as if the nvram did contain the configuration.
don't forget to `printconf' first, then.

instead, i suggest you boot the file server
and use its passwd command, which will change the
authentication information in the file server's nvram.
it prompts for what it needs.  it should take effect
immediately.

it's a completely different story on the cpu server.

Re: [9fans] authdom

[presotto]

[-- Attachment #1: Type: text/plain, Size: 104 bytes --]

On cpu/auth servers, run auth/wrkey as the host owner.
On fs servers, you can use the command 'passwd'.

[-- Attachment #2: Type: message/rfc822, Size: 2932 bytes --]

From: Axel Belinfante <Axel.Belinfante@cs.utwente.nl>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] authdom
Date: Thu, 02 May 2002 15:46:20 +0200
Message-ID: <200205021346.g42DkKN25526@zamenhof.cs.utwente.nl>

How to change the authdom entered on fs and cpu/auth servers?
For cpu server, in 3e and 4e boot(8) I found the -k boot flag
(can I just add that to a bootargs= plan9.ini entry?);
how do I change it on the fs, only by (re)moving the nvram file
on the boot flop, or are there other ways?

Axel (who wants to replace a silly authdom by a more sensible one)

Re: [9fans] authdom

[Axel Belinfante]

How to change the authdom entered on fs and cpu/auth servers?
For cpu server, in 3e and 4e boot(8) I found the -k boot flag
(can I just add that to a bootargs= plan9.ini entry?);
how do I change it on the fs, only by (re)moving the nvram file
on the boot flop, or are there other ways?

Axel (who wants to replace a silly authdom by a more sensible one)

[9fans] authdom

[presotto]

There's a new ndb attribute, authdom.  With the new factotum we can
now authenticate in multiple domains.  To do this, we need to know
the auth server to use in that domain.  The authdom attribute can
be used to do that.  For example, I tack the following onto my
/net/ndb after boot:

authdom=cs.bell-labs.com
	auth=204.178.31.3
authdom=closedmind.org
	auth=10.0.0.2

That way I can contact the correct auth server for the labs and for
my private domain.  This probably won't matter to you right now but
we will soon have a file server on the outside that will reflect
our current source.  To connect to it you will have to authenticate
using an auth server we'll leave on the outside.  More on that when it
happens.