Date: Tue, 3 May 2005 16:59:16 -0400
From: Russ Cox
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] Auth woes.
In-Reply-To: <4277DCC4.5010806@asgaard.homelinux.org>
References: <4277BB46.6020001@asgaard.homelinux.org> <4277C5DB.7050601@asgaard.homelinux.org> <4277DCC4.5010806@asgaard.homelinux.org>

It sure sounds like your auth server (keyfs) and your
factotum do not agree on what the password is.

The new factotum that I said to pull fixed a different
problem -- if the server side fails the auth, it could be
because the client lied, so that case doesn't disable
the key anymore. But the case you're running into is
that the tickets coming back from the auth server
don't decrypt properly, and since factotum trusts the
auth server, it disables the key.

Russ

On 5/3/05, "Nils O. Selåsdal" wrote:
> Russ Cox wrote:
> > after the cron job has run, what does cat /mnt/factotum/ctl show?
> >
> As I told Russ, the key gets disabled. I added a flog call to
> factotum/p9sk1.c;
>
>     convM2T(tbuf, &s->t, (char*)s->key->priv);
>     if(s->t.num != AuthTc){
>         disablekey(s->key);
>         flog("disabling key. s->t.num=%d",s->t.num);
>         if(askforkeys){
>
> (Ok I later realized t.num is a char)
> Which seems to be what is disabling the key.
> /mnt/factotum/log says disabling key. s->t.num=41,
> (on next reboot it said s->t.num=76)
>
> The whole log is;
>
> 2: no key matches proto=p9sk1 role=server dom?
> 2: failure no key matches proto=p9sk1 role=server dom?
> 3: no key matches proto=p9sk1 dom=fiane.intra role=client dom=fiane.intra user?
> !password? owner=upas owner=*
> 3: failure no key matches proto=p9sk1 dom=fiane.intra role=client
> dom=fiane.intra user? !password?
> disabling key. s->t.num=76
> 3: failure bad key
> 4: no key matches proto=p9sk1 role=server user? dom?
> 4: failure no key matches proto=p9sk1 role=server user? dom?
>
> --
> Nils O. Selåsdal
>
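
Added example, not part of the thread and not factotum's code: a Python sketch of the failure described in the reply above, where the key the client derives from its password differs from the one the auth server sealed the ticket with, so the decrypted type byte is garbage and the key is disabled. Assumptions: a hash-based Feistel cipher stands in for DES, only the first 8-byte block of a ticket is modelled, and `pass_to_key`, the `AUTH_TC` value 65 and the passwords are constructed for the sketch.

```python
import hashlib

AUTH_TC = 65  # ticket type expected by the client; value assumed for this sketch

def pass_to_key(password):
    # Hypothetical stand-in for deriving the shared key from a password.
    return hashlib.sha256(password.encode()).digest()

def _f(key, i, half):
    # Round function of the stand-in Feistel cipher (not DES).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(8)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def make_ticket(auth_key, chal):
    # Auth server side: type byte followed by challenge bytes, sealed
    # with the key the auth server holds for this user.
    return encrypt_block(auth_key, bytes([AUTH_TC]) + chal[:7])

def client_check(state, ticket):
    # Client side, mirroring the quoted check: decrypt with the local
    # key and disable that key if the type byte is not AUTH_TC.
    num = decrypt_block(state["key"], ticket)[0]
    if num != AUTH_TC:
        state["disabled"] = True
    return num

def simulate(auth_password, client_password, tickets=16):
    auth_key = pass_to_key(auth_password)
    state = {"key": pass_to_key(client_password), "disabled": False}
    nums = []
    for i in range(tickets):
        chal = hashlib.sha256(b"chal%d" % i).digest()[:8]  # constructed challenge
        nums.append(client_check(state, make_ticket(auth_key, chal)))
    return nums, state["disabled"]

if __name__ == "__main__":
    print("matching passwords:", simulate("secret", "secret"))
    print("mismatched passwords:", simulate("secret", "typo"))
```

With mismatched passwords the type byte changes from ticket to ticket because each ticket carries a fresh challenge, which is consistent with the log showing 41 on one boot and 76 on the next.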