From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: RE: [9front] The last CD distribution
Date: Sun, 5 Jun 2016 03:43:58 +0200 [thread overview]
Message-ID: <005ef1d6698a8423dc46792462d84760@felloff.net> (raw)
In-Reply-To: <201606050026.u550QI3a027713@mailmsa11.mozu.eo.k-opti.ad.jp>
> If the process was expected one.
> We have to reboot the auth/file/cpu server whenever we add
> a user onto this system.
> Am I wrong?
> Kenji
that depends.
the authserver needs to be rebooted after you converted to
aes format. or at least you'd have to kill the listener
for /rc/bin/service.auth and restart it with a new instance
of auth/keyfs in its namespace.
you might need to reboot your cpu/file server, or install the
new dp9ik key to its hostowner factotum manually by mounting
/srv/factotum and write the ctl file. a reboot can do that
given you have updated its nvram or installed the new key
in secstore.
if you already had a dp9ik key in its factotum and they
match with what the authserver has in its keydb, then no
reboot is neccesary.
the most important thing is making sure the authserver's
database has the keys for your cpu/file/auth server's
hostowners.
once you have that you can use auth/debug or try
to authenticate as these users and see if everything
works and make sure the clients and server have the
right keys in ther factotums.
if the authserver doesnt have keys for your server
and terminal it cannot work.
on the client side, you only get "key mismatch" error
when your client key doesnt match with the authserver.
the client can detect this as it will fail to decrypt
the ticket from the authserver.
if the server's key doesnt match the authservers you
get protocol botch error. this is because the server
will terminate the connection when it gets a ticket it
cannot decrypt.
--
cinap
next prev parent reply other threads:[~2016-06-05 1:43 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-03 8:14 岡本健二
2016-06-03 11:02 ` [9front] " cinap_lenrek
2016-06-03 12:16 ` cinap_lenrek
2016-06-03 14:49 ` stanley lieber
2016-06-04 5:59 ` 岡本健二
2016-06-04 6:16 ` 岡本健二
2016-06-04 14:13 ` cinap_lenrek
2016-06-05 0:20 ` 岡本健二
2016-06-05 0:26 ` 岡本健二
2016-06-05 0:37 ` kokamoto
2016-06-05 1:43 ` cinap_lenrek [this message]
2016-06-05 7:49 ` kokamoto
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=005ef1d6698a8423dc46792462d84760@felloff.net \
--to=cinap_lenrek@felloff.net \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).