From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: * X-Spam-Status: No, score=2.0 required=5.0 tests=DATE_IN_PAST_12_24,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RDNS_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4 Received: (qmail 3323 invoked from network); 16 Feb 2022 10:16:33 -0000 Received: from unknown (HELO 4ess.inri.net) (216.126.196.42) by inbox.vuxu.org with ESMTPUTF8; 16 Feb 2022 10:16:33 -0000 Received: from a48-182.smtp-out.amazonses.com ([54.240.48.182]) by 4ess; Tue Feb 15 16:17:28 -0500 2022 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=a4tryept6ew4kp6pdupzhtikhmwphypy; d=mapinternet.com; t=1644950794; h=From:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:References:To:In-Reply-To:Message-Id; bh=zbriyJoBIELhgqN3/InKe/N4XElHU0wUYUNWrM6mgBY=; b=flO0cmh9ZFv751h+30IX65UtXsRu6R8U6MC91Q1y4K+uhz09iyUVESWG8rxthHTo BUHLBhtGxZfVrDeGk5253J818Kh1MQLa/FtdVG3PCkhBxYv9t1D9cy5O1KuFpHd8zLk l7m0BLKV+yhS0PRUyxXFboOc8yxAmy9pNn7V7EEc= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1644950794; h=From:Content-Type:Content-Transfer-Encoding:Mime-Version:Subject:Date:References:To:In-Reply-To:Message-Id:Feedback-ID; bh=zbriyJoBIELhgqN3/InKe/N4XElHU0wUYUNWrM6mgBY=; b=MoNC56xQeuEjhLat/YQKQi+x3f1lV0/cKfKz7LkDVsBwuaOCZwuCYmCAkiUGRXTd WT1rnPZscuPhhHYAz2l4l3C6feaqh9BTp+0Br0h76nicXPMWe/zSKHsdabxYWZhnlu+ DhYLmfwFIwuDshdJMHB9FBoE21pJx/S+FEzwT6R0= X-Default-Received-SPF: pass (skip=loggedin (res=PASS)) x-ip-name=50.202.122.66; envelope-from=; From: Mack Wallace Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\)) Date: Tue, 15 Feb 2022 18:46:34 +0000 References: <0100017ef8b49b77-efd8ac91-87b4-4754-96ff-4842b10dcb2a-000000@email.amazonses.com> <22BDB269-25B6-4E0C-AF9C-23A0D81BC2BD@quintile.net> To: 9front@9front.org In-Reply-To: <22BDB269-25B6-4E0C-AF9C-23A0D81BC2BD@quintile.net> Message-ID: <0100017efeb52f8c-f83d0795-ccad-42b1-b128-9cffa7add2d5-000000@email.amazonses.com> X-Mailer: Apple Mail (2.3608.120.23.2.1) X-Qnum: 1327910823 X-Authenticated-User: mackbw@mapinternet.com Feedback-ID: 1.us-east-1.X+xhoL9JiEQ8K0gzGjV36WZnSewOzOs8YCWuakKsLBY=:AmazonSES X-SES-Outgoing: 2022.02.15-54.240.48.182 List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: immutable information high-performance TOR over SOAP realtime-java reduce/map frontend Subject: Re: [9front] Can additional keys be added to nvram? Reply-To: 9front@9front.org Precedence: bulk Thanks for the reply, I believe there are no differences between distributions when it comes = to the nvram mechanism. Upon first bootup as a CPU server auth/wrkey is = run and one provides the hostowners credentials. And these credentials = are automatically loaded into factotum on subsequent boots. Probably the = only difference between 9front and the labs 9 is that two keys are = stored for the host owner, one for p9sk1 protocol and one in dp9ik.=20 What I am asking is, I want to add one or two additional keys to the = nvram to be automatically loaded into factotum on boot. I just can=E2=80=99= t seem to find the appropriate instructions or procedure for taking a = factotum of the keys I want and getting them into nvram. That=E2=80=99s = what I am looking for. Regards, Mack > On Feb 14, 2022, at 5:11 PM, Steve Simon wrote: >=20 >=20 > cpu servers usually have a secstore key stored in an nvram partition = on disk using auth/wrkey. >=20 > the secstore key is then used to populate the cpu servers=E2=80=99s = factotum at boot. >=20 > once you have a populated factotum it can hold any keys you like. >=20 > beware: this is what i use on the labs distro, i believe it applies to = 9front too, but if not i am sure someone will kindly correct me. >=20 > -Steve >=20 >=20 >> On 14 Feb 2022, at 7:27 pm, Mack Wallace = wrote: >>=20 >> =EF=BB=BFI have some CPU servers that connect to some other devices = via SSH. Being a CPU server, factotum doesn=E2=80=99t ask for passwords, = and this CPU server is remote anyway and will running scripts to access = the other hardware.=20 >>=20 >> While we could add the key (username, password, ssh thumb) to = factotum through a script, it would be a lot nicer to have the other one = or two keys loaded from nvram. I know the nvram partition is typically = small (only 512 bytes), but I also know that a larger nvram partition = could be made. So is there a way to add keys to the nvram? >>=20 >> I did try to use auth/factotum -k (with -S) to 'write=E2=80=99 = factotum to nvram as stated in the man page. We also checked the = secstore man page and tried the procedure outlined there (though lacked = confidence that would work because it is specific for a secstore server) = - that did not work either.=20 >>=20 >> Look forward to the response. >>=20 >> Thanks, >>=20 >> Mack >>=20