9fans - fans of the OS Plan 9 from Bell Labs
From: andrey mirtchovski <mirtchov@cpsc.ucalgary.ca>
To: 9fans@cse.psu.edu
Subject: Re: [9fans]
Date: Mon,  5 Jul 2004 11:23:55 -0600
Message-ID: <eda658dd5a8e140ce0563589cf9ac409@plan9.ucalgary.ca>
In-Reply-To: <40E8D3CE.6000802@place.org>

> andrey mirtchovski wrote:
>
>  > you won't need a secstore for your installation to work.
>
> OK, I guess I don't need it for connecting with drawterm,
> either. But apparently I need it for SSH and pulling
> updates. I may also need it for other stuff. I'm running
> an app that makes a call to auth_getuserpasswd() and it
> fails now that I've tried to setup securestore; it used to
> get past that point before.

you don't need secstore for pulling from sources.  you don't need it
to ssh out from Plan 9, you don't even (necessarily) need it to ssh to
the Plan 9 machine (though you'll get a warning for the changed key
every time you reinitialize with auth/rsagen, i.e.  after a reboot).

in fact, secstore can be left as the last thing you set up, after
having made sure everything else works -- it's just a (very useful!)
convenience.

> The mkdirs were done before.  One small issue, factotum
> wanted /adm/secstore/store/bootes/factotum/ (I think it
> was).
>
>  > on auth server:
>  >
>  >     auth/secstored
>  >     mkdir /adm/secstore
>  >     mkdir /adm/secstore/store
>  >     mkdir /adm/secstore/who
>  >     auth/secuser dpx
>  >

did this succeed?

you've read the secstore(1) man page, i presume?  it basically
explains why the above steps should be taken (and why there should be
a chmod 770 somewhere in there too):

          Secuser is an administrative command that runs on the sec-
          store machine, normally the authserver, to create new
          accounts and to change status on existing accounts.  It
          prompts for account information such as password and expira-
          tion date, writing to /adm/secstore/who/$uid.  The
          /adm/secstore directory should be created mode 770 for the
          userid or groupid of the secstored process.

	[...]

          /adm/secstore/who/$uid secstore account name, expiration
          date, verifier
          /adm/secstore/store/$uid/ users' files

>  > on terminal:
>  >
>  >     touch /tmp/factotum
>  >     auth/secstore -p /tmp/factotum
>  >       ramfs -p; cd /tmp
>  >     auth/secstore -g factotum
>  >     secstore password:
>  >     echo 'key proto=apop dom=x.com user=dpx \
>  >             !password=y~1' >> factotum
>  >     auth/secstore -p factotum
>  >     secstore password:
>  >     cat factotum > /mnt/factotum/ctl
>
> This is where I'm still stuck.

so, what do you see (as the user who started secstored) in
/adm/secstore?  here's a sample from our machines:

	plan9# ls -l /adm/secstore/store/andrey
	--rw-rw---- M 4951 bootes bootes 696 Sep 15  2003 /adm/secstore/store/andrey/factotum
	plan9#

you should see a single file (factotum) if you've put it properly.
from what you gave above it looks like you're looking for a file named
'factotum' already existing in secstore, however when you initialize a
user's secstore there's absolutely nothing in it -- you need to put
the files there first.

>
> Now I get to the ramfs stage! However, secstore -g complains
> about /tmp/factotum not existing. If I skip the
> ramfs step, I see this:
>
>     cpu% auth/secstore -g factotum
>     secstore password:
>     secstore
>     implausible filesize for factotum
>     secstore cmd failed
>
> On the console of the PC, I see "implausible filesize -1
> for factotum," but no information about which file is too
> small.
>

secstore doesn't have any files in it by default, it just encrypts
whatever you decide to store in it.  usually that is a file suitable
for initializing your factotum.

it looks like you have a bad file in it, so all you need to do is
remove it and store it anew.  here's how to do it:

	% auth/factotum # hit enter on the 'secstore password' prompt
	% ramfs -p
	# you may wish to log in to a few places before the next step,
	# just to make sure you have as many passwords as you can
	# from the beginning. ssh to one or two machines, just for fun
	% cat /mnt/factotum/ctl > /tmp/factotum
	% cd /tmp
	# edit /tmp/factotum and change all question marks to the actual
	# passwords you use, for example if /mnt/factotum/ctl has:
	#	key proto=p9sk1 dom=plan9.ca user=somebody !password?
	# in /tmp/factotum it should appear as:
	#	key proto=p9sk1 dom=plan9.ca user=somebody !password=mypassword
	%
	# now simply add this file to the secstore:
	% auth/secstore -p factotum
	# and kill the ramfs session (^D)

and verify that the new password works by starting a new factotum and
attempting to login to one of the machines whose passwords you've
added to the factotum file in secstore.  if doing it for bootes you
may want to add the ssh server key there too (follow the ssh(1)
instructions)

andrey
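
A pre-flight check for the edited /tmp/factotum before `auth/secstore -p`, as an added example that is not part of the original message: it flags key lines that still carry a `!password?` placeholder, an empty secret or an unterminated quote, and never echoes a value. The function names and the sample lines are constructed; it assumes the file holds only `key` lines as in the message and that a Python interpreter is available where the file lives.

```python
import re

TOKEN = re.compile(r"(?:[^\s']|'(?:[^']|'')*')+")   # bare text and/or 'quoted runs'
QUOTED = re.compile(r"'((?:[^']|'')*)'")

def split_attrs(line):
    """Split one factotum key line into tokens, honouring rc-style 'quoting'."""
    if line.count("'") % 2:      # '' pairs are even, so an odd count means unclosed
        raise ValueError("unterminated quote")
    unquote = lambda m: m.group(1).replace("''", "'")
    return [QUOTED.sub(unquote, tok) for tok in TOKEN.findall(line)]

def lint_factotum(text):
    """Return (line_number, problem) pairs; attribute values are never echoed."""
    if not text.strip():
        return [(0, "file is empty")]
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            tokens = split_attrs(line)
        except ValueError as err:
            problems.append((n, str(err)))
            continue
        if not tokens or tokens[0] != "key":
            problems.append((n, "not a key line"))
            continue
        for tok in tokens[1:]:
            name, sep, value = tok.partition("=")
            if not sep and name.endswith("?"):
                problems.append((n, name[:-1] + " is still a '?' placeholder"))
            elif sep and name.startswith("!") and not value:
                problems.append((n, name + " has an empty value"))
    return problems

# Constructed sample in the shape of the key lines shown in the message.
SAMPLE = """key proto=p9sk1 dom=plan9.ca user=somebody !password?
key proto=apop dom=x.com user=dpx !password='it''s set'
key proto=p9sk1 dom=plan9.ca user=other !password=
key proto=apop dom=x.com user=dpx !password='oops
"""

if __name__ == "__main__":
    for lineno, problem in lint_factotum(SAMPLE):
        print(f"line {lineno}: {problem}")
```

Run it inside the ramfs session so the plaintext file never leaves /tmp.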


