9fans - fans of the OS Plan 9 from Bell Labs
From: Russ Cox <russcox@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] Auth woes.
Date: Tue, 3 May 2005 16:59:16 -0400
Message-ID: <ee9e417a050503135958c825df@mail.gmail.com>
In-Reply-To: <4277DCC4.5010806@asgaard.homelinux.org>

It sure sounds like your auth server (keyfs) and your factotum
do not agree on what the password is.  The new factotum that
I said to pull fixed a different problem -- if the server side fails
the auth, it could be because the client lied, so that case doesn't
disable the key anymore.  But the case you're running into is that
the tickets coming back from the auth server don't decrypt properly,
and since factotum trusts the auth server, it disables the key.

Russ

On 5/3/05, "Nils O. Selåsdal" <noselasd@asgaard.homelinux.org> wrote:
> Russ Cox wrote:
> > after the cron job has run, what does cat /mnt/factotum/ctl show?
> >
> As I told Russ, the key gets disabled. I added a flog call to
> factotum/p9sk1.c:
> 
> convM2T(tbuf, &s->t, (char*)s->key->priv);
> if(s->t.num != AuthTc){
>         disablekey(s->key);
>         flog("disabling key. s->t.num=%d",s->t.num);
>         if(askforkeys){
> 
> (OK, I later realized t.num is a char.)
> Which seems to be what is disabling the key.
> /mnt/factotum/log says disabling key. s->t.num=41,
> (on next reboot it said s->t.num=76)
> 
> The whole log is:
> 
> 2: no key matches proto=p9sk1 role=server dom?
> 2: failure no key matches proto=p9sk1 role=server dom?
> 3: no key matches proto=p9sk1 dom=fiane.intra role=client dom=fiane.intra user?
> !password? owner=upas owner=*
> 3: failure no key matches proto=p9sk1 dom=fiane.intra role=client
> dom=fiane.intra user? !password?
> disabling key. s->t.num=76
> 3: failure bad key
> 4: no key matches proto=p9sk1 role=server user? dom?
> 4: failure no key matches proto=p9sk1 role=server user? dom?
> 
> --
> Nils O. Selåsdal
>
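
Added example, not part of either message and not factotum's code: a self-contained C sketch of the check discussed above, where the auth server seals a ticket under the password it holds and factotum opens it with its own. The toy cipher (standing in for passtokey and DES), the numeric value of AuthTc, the ticket layout and the sample passwords are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed: AuthTc's numeric value and the ticket layout are not given in the thread. */
enum { AuthTc = 65, CHALLEN = 8, ANAMELEN = 28, DESKEYLEN = 7,
       TICKETLEN = 1 + CHALLEN + 2*ANAMELEN + DESKEYLEN };

/* Toy stand-in for passtokey+DES (NOT secure): password -> keystream, XORed in place.
   Applying it twice with the same password restores the buffer. */
static void toycrypt(const char *pw, unsigned char *buf, int n) {
    uint64_t s = 14695981039346656037ULL;           /* FNV-1a offset basis */
    for (; *pw; pw++)
        s = (s ^ (unsigned char)*pw) * 1099511628211ULL;
    for (int i = 0; i < n; i++) {                    /* xorshift64 keystream */
        s ^= s << 13; s ^= s >> 7; s ^= s << 17;
        buf[i] ^= (unsigned char)(s >> 32);
    }
}

/* Auth server side: build the client ticket, seal it with the password keyfs holds. */
static void make_ticket(const char *keyfs_pw, unsigned char *tbuf) {
    memset(tbuf, 0, TICKETLEN);
    tbuf[0] = AuthTc;                                        /* t.num */
    memcpy(tbuf + 1, "8bytechl", CHALLEN);                   /* constructed challenge */
    strcpy((char *)tbuf + 1 + CHALLEN, "upas");              /* cuid */
    strcpy((char *)tbuf + 1 + CHALLEN + ANAMELEN, "upas");   /* suid */
    toycrypt(keyfs_pw, tbuf, TICKETLEN);
}

/* factotum side: decrypt with its own key and return the t.num it would see. */
static int client_num(const char *factotum_pw, const unsigned char *tbuf) {
    unsigned char t[TICKETLEN];
    memcpy(t, tbuf, TICKETLEN);
    toycrypt(factotum_pw, t, TICKETLEN);
    return t[0];
}

/* 1 = ticket accepted; 0 = the branch in the quoted code that calls disablekey(). */
static int key_survives(const char *keyfs_pw, const char *factotum_pw) {
    unsigned char tbuf[TICKETLEN];
    make_ticket(keyfs_pw, tbuf);
    return client_num(factotum_pw, tbuf) == AuthTc;
}

int main(void) {
    printf("same password:  survives=%d\n", key_survives("glenda1", "glenda1"));
    printf("stale password: survives=%d\n", key_survives("glenda1", "glenda0"));
}
```

With matching passwords the first byte decrypts back to AuthTc; with differing passwords it decrypts to an arbitrary value and the key is disabled, even though the client sent nothing wrong.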

