From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.21]) by ur; Fri Jun 3 04:15:03 EDT 2016 Received: from [IPv6:::ffff:192.168.11.16] (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa12.mozu.eo.k-opti.ad.jp with ESMTP id u538Esrb029095 for <9front@9front.org>; Fri, 3 Jun 2016 17:14:56 +0900 Message-Id: <201606030814.u538Esrb029095@mailmsa12.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 To: "9front@9front.org" <9front@9front.org> From: =?utf-8?Q?=E5=B2=A1=E6=9C=AC=E5=81=A5=E4=BA=8C?= Subject: The last CD distribution Date: Fri, 3 Jun 2016 17:14:48 +0900 Importance: normal X-Priority: 3 Content-Type: multipart/alternative; boundary="_D006062A-164C-4402-9A36-EAA6F0B390C5_" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: event singleton map/reduce control --_D006062A-164C-4402-9A36-EAA6F0B390C5_ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Now writing from win10 machine, because I cann=E2=80=99t use terminhal on t= he File/auth sever build from the sources of the last CDROM iso image. The error message is like: Mount: auth_proxy: auth_proxy rpc write: AS protocol botch Mount: mount /root: phase error protocol phase error: Read in state SneedTicket Then, I re-entered password, and kill the secstored on the auth server. The /mnt/factotum/ctl shows two lines of: key proto=3Dp9sk1 user=3Dglenda dom=3D=E2=80=A6.. key proto=3Ddp9ik user=3Dglenda dom=3D=E2=80=A6 I was asked dp9ik password from the terminal, and failed by password Missmatch. Any suggestions? Kenji Windows 10 =E7=89=88=E3=81=AE=E3=83=A1=E3=83=BC=E3=83=AB=E3=81=8B=E3=82=89= =E9=80=81=E4=BF=A1 --_D006062A-164C-4402-9A36-EAA6F0B390C5_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

Now writing from wi= n10 machine, because I cann=E2=80=99t use terminhal on the

File/auth sever build from the sources of= the last CDROM iso image.

The e= rror message is like:

Mou= nt: auth_proxy: auth_proxy rpc write: AS protocol botch

Mount: mount /root: phase error protocol ph= ase error:

Read in state = SneedTicket

Then, I re-entered p= assword, and kill the secstored on the auth server.

The /mnt/factotum/ctl shows two lines of:=

key proto=3Dp9sk1 user=3Dglenda= dom=3D=E2=80=A6..

key pr= oto=3Ddp9ik user=3Dglenda dom=3D=E2=80=A6

I= was asked dp9ik password from the terminal, and failed by password<= /p>

Missmatch.

Any suggestions?

Kenji

Windows 10 <= /span>=E7=89=88=E3=81=AE=E3=83= =A1=E3=83=BC=E3=83=AB=E3=81=8B=E3=82=89=E9=80=81= =E4=BF=A1

= --_D006062A-164C-4402-9A36-EAA6F0B390C5_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from duke.felloff.net ([216.126.196.34]) by ur; Fri Jun 3 07:02:45 EDT 2016 Message-ID: <31ada30979b6c9c7d6effac7e4c2172f@felloff.net> Date: Fri, 3 Jun 2016 13:02:38 +0200 From: cinap_lenrek@felloff.net To: 9front@9front.org Subject: Re: [9front] The last CD distribution In-Reply-To: <201606030814.u538Esrb029095@mailmsa12.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: basic patented firewall-oriented session engine des tickets have been disabled (2016/04/08) on the auth server to prevent password bruteforce attack with the -N flag to authsrv in /rc/bin/service.auth/tcp567. removing that flag would make p9sk1 work again but will get you hacked. the prefered way is to update your keydb. if your keydb is not already in aes format (needed to store new aes keys) you have to convert it with auth/convkeys -pa. then you have to set new passwords. then update the nvrams on your servers to match the new hostowner passwords. finally, you might update your secstore file and delete the p9sk1 key and replace them with dp9ik keys. -- cinap From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from duke.felloff.net ([216.126.196.34]) by ur; Fri Jun 3 08:16:18 EDT 2016 Message-ID: <6239f97ba80cb8dcc56b0a2d6f56254a@felloff.net> Date: Fri, 3 Jun 2016 14:16:10 +0200 From: cinap_lenrek@felloff.net To: 9front@9front.org Subject: Re: [9front] The last CD distribution In-Reply-To: <201606030814.u538Esrb029095@mailmsa12.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: firewall out-scaling-scale base i'v posted a mail to 9front mailinglist in 6th Jan 2016 describing the procedure to update the auth infrastructure to the new aes keys and dp9ik here: http://felloff.net/usr/cinap_lenrek/authupdate.txt from then on, we where in transition, that means both p9sk1 and dp9ik where allowed in parallel by the auth server. which doesnt add any security until p9sk1 is disabled. on 7th Apr, des tickets where disabled because drawterm finally got dp9ik support and there was no more reason to run vulnerable system and new installed systems will go to use dp9ik only. -- cinap From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from ds.inri.net ([107.191.103.21]) by ur; Fri Jun 3 10:53:59 EDT 2016 Received: from [10.183.22.90] ([166.170.221.198]) by ds; Fri Jun 3 10:53:58 EDT 2016 In-Reply-To: <6239f97ba80cb8dcc56b0a2d6f56254a@felloff.net> References: <6239f97ba80cb8dcc56b0a2d6f56254a@felloff.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [9front] The last CD distribution From: stanley lieber Date: Fri, 03 Jun 2016 10:49:57 -0400 To: 9front@9front.org Message-ID: List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: reduce/map replication http://fqa=2E9front=2Eorg/fqa7=2Ehtml#7=2E4=2E3=2E2 From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.45]) by ur; Sat Jun 4 01:59:53 EDT 2016 Received: from [IPv6:::ffff:192.168.11.6] (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa12.mozu.eo.k-opti.ad.jp with ESMTP id u545xkD6026946 for <9front@9front.org>; Sat, 4 Jun 2016 14:59:46 +0900 Message-Id: <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 To: "9front@9front.org" <9front@9front.org> From: =?utf-8?Q?=E5=B2=A1=E6=9C=AC=E5=81=A5=E4=BA=8C?= Subject: RE: [9front] The last CD distribution Date: Sat, 4 Jun 2016 14:59:35 +0900 Importance: normal X-Priority: 3 In-Reply-To: References: <6239f97ba80cb8dcc56b0a2d6f56254a@felloff.net> Content-Type: multipart/alternative; boundary="_B1B89EC4-8166-476D-81BA-357A5ED6D912_" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: generic content-addressed component enhancement dependency extension enhancement-based generator --_B1B89EC4-8166-476D-81BA-357A5ED6D912_ Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8" WWVzLCBJYHZlIHJlYWQgdGhhdCBkb2N1bWVudCwgYnV0IHN0aWxsIGZhaWxzLg0KV2hlbiBJIGRp c3BhdGNoZWQgdGhlIGNvbW1hbmQgb24gbXkgcGM2NCBhdXRoIHNlcnZlcig9ZmlsZS9jcHUgc2Vy dmVyKSBvZg0KcGFzc3dkIGxpa2U6DQp0aXRhbjogcGFzc3dkIGtva2Ftb3RvDQp0aGVuIEkgZ290 DQpQbGFuOSBwYXNzd29yZDogPHBhc3N3b3JkIGlucHV0Pg0KUGFzc3dkOiBBUyBwcm90b2NvbCBi b3RjaC4NCg0KV2hlbiBJIHRyeSB0byBsb2dpbiBmcm9tIGEgdGVybWluYWwsIEkgZ290DQpQb3N0 4oCmDQoNCiFBZGRpbmcga2V5OiBkb209eHh4eCBwcm90bz1kcDlpaw0KVXNlcltrb2thbW90b106 IDxqdXN0IENSPg0KUGFzc3dvcmQ6IDxteSBwYXNzd29yZCBzYW1lIGFzIGFib3ZlPg0KDQpCYWNr IHRvIHVzZXJba29rYW1vdG9dIGxpbmVzDQoNCkFueSBoaW50cz8NCg0KS2VuamkNCldpbmRvd3Mg MTAg54mI44Gu44Oh44O844Or44GL44KJ6YCB5L+hDQoNCuW3ruWHuuS6ujogc3RhbmxleSBsaWVi ZXINCumAgeS/oeaXpeaZgjogMjAxNuW5tDbmnIgz5pelIDIzOjQ5DQrlrpvlhYg6IDlmcm9udEA5 ZnJvbnQub3JnDQrku7blkI06IFJlOiBbOWZyb250XSBUaGUgbGFzdCBDRCBkaXN0cmlidXRpb24N Cg0KaHR0cDovL2ZxYS45ZnJvbnQub3JnL2ZxYTcuaHRtbCM3LjQuMy4yDQoNCg== --_B1B89EC4-8166-476D-81BA-357A5ED6D912_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

Yes, I`ve read that= document, but still fails.

When I dispatched the command on my pc64 auth server(=3Dfile/cpu server)= of

passwd like:

titan:= passwd kokamoto

then I got

Plan9 password: <p= assword input>

Passwd: AS protocol botch.=

When I try to login from a terminal, I got

Pos= t=E2=80=A6

!Adding key: dom=3Dxxxx proto= =3Ddp9ik

User[kokamoto]: <just CR>

Password= : <my password same as above>

Back t= o user[kokamoto] lines

Any hints?

<= /o:p>

Kenji

Windows 10 =E7=89=88=E3=81=AE=E3=83=A1=E3=83=BC=E3=83=AB= =E3=81=8B=E3=82=89=E9=80=81=E4=BF=A1

&nbs= p;

=E5=B7=AE=E5=87=BA=E4=BA=BA: stanley lieber
=E9=80=81=E4=BF=A1=E6=97=A5=E6=99=82= : 2016=E5=B9=B46=E6=9C=883=E6=97=A5 23:49
=E5=AE=9B=E5=85=88: 9front@9fron= t.org
=E4=BB=B6=E5=90=8D: Re: [9front] The last CD distribution

http= ://fqa.9front.org/fqa7.html#7.4.3.2

= --_B1B89EC4-8166-476D-81BA-357A5ED6D912_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.20]) by ur; Sat Jun 4 02:16:31 EDT 2016 Received: from [IPv6:::ffff:192.168.11.16] (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa11.mozu.eo.k-opti.ad.jp with ESMTP id u546GPOO031156 for <9front@9front.org>; Sat, 4 Jun 2016 15:16:25 +0900 Message-Id: <201606040616.u546GPOO031156@mailmsa11.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 To: "9front@9front.org" <9front@9front.org> From: =?utf-8?Q?=E5=B2=A1=E6=9C=AC=E5=81=A5=E4=BA=8C?= Subject: RE: [9front] The last CD distribution Date: Sat, 4 Jun 2016 15:16:14 +0900 Importance: normal X-Priority: 3 In-Reply-To: <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> References: <6239f97ba80cb8dcc56b0a2d6f56254a@felloff.net> <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> Content-Type: multipart/alternative; boundary="_6F26AE53-EFB2-4DD7-BE01-3DB7E5B1797E_" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: engine lifecycle-oriented control --_6F26AE53-EFB2-4DD7-BE01-3DB7E5B1797E_ Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8" QnkgdGhlIHdheSwgaG93IEkgY2FuIGtub3cgd2hpY2ggZW5jcmlwdGlvbiBtZXRob2QgaXMgdXNl ZCwNClA5c2sxIG9yIGRwOWlrPw0KSSBkb3VidCBJ4oCZbSB1c2luZyBwOXNrMSwgZXZlbiBJ4oCZ dmUgZGVsZXRlZCBwOXNrMSBsaW5lIGZyb20gDQovbW50L2ZhY3RvdHVtL2N0bC4NCg0KS2VuamkN Cg0KV2luZG93cyAxMCDniYjjga7jg6Hjg7zjg6vjgYvjgonpgIHkv6ENCg0K5beu5Ye65Lq6OiDl sqHmnKzlgaXkuowNCumAgeS/oeaXpeaZgjogMjAxNuW5tDbmnIg05pelIDE0OjU5DQrlrpvlhYg6 IDlmcm9udEA5ZnJvbnQub3JnDQrku7blkI06IFJFOiBbOWZyb250XSBUaGUgbGFzdCBDRCBkaXN0 cmlidXRpb24NCg0KWWVzLCBJYHZlIHJlYWQgdGhhdCBkb2N1bWVudCwgYnV0IHN0aWxsIGZhaWxz Lg0KV2hlbiBJIGRpc3BhdGNoZWQgdGhlIGNvbW1hbmQgb24gbXkgcGM2NCBhdXRoIHNlcnZlcig9 ZmlsZS9jcHUgc2VydmVyKSBvZg0KcGFzc3dkIGxpa2U6DQp0aXRhbjogcGFzc3dkIGtva2Ftb3Rv DQp0aGVuIEkgZ290DQpQbGFuOSBwYXNzd29yZDogPHBhc3N3b3JkIGlucHV0Pg0KUGFzc3dkOiBB UyBwcm90b2NvbCBib3RjaC4NCg0KV2hlbiBJIHRyeSB0byBsb2dpbiBmcm9tIGEgdGVybWluYWws IEkgZ290DQpQb3N04oCmDQoNCiFBZGRpbmcga2V5OiBkb209eHh4eCBwcm90bz1kcDlpaw0KVXNl cltrb2thbW90b106IDxqdXN0IENSPg0KUGFzc3dvcmQ6IDxteSBwYXNzd29yZCBzYW1lIGFzIGFi b3ZlPg0KDQpCYWNrIHRvIHVzZXJba29rYW1vdG9dIGxpbmVzDQoNCkFueSBoaW50cz8NCg0KS2Vu amkNCldpbmRvd3MgMTAg54mI44Gu44Oh44O844Or44GL44KJ6YCB5L+hDQoNCuW3ruWHuuS6ujog c3RhbmxleSBsaWViZXINCumAgeS/oeaXpeaZgjogMjAxNuW5tDbmnIgz5pelIDIzOjQ5DQrlrpvl hYg6IDlmcm9udEA5ZnJvbnQub3JnDQrku7blkI06IFJlOiBbOWZyb250XSBUaGUgbGFzdCBDRCBk aXN0cmlidXRpb24NCg0KaHR0cDovL2ZxYS45ZnJvbnQub3JnL2ZxYTcuaHRtbCM3LjQuMy4yDQoN Cg0K --_6F26AE53-EFB2-4DD7-BE01-3DB7E5B1797E_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

By the way, how I c= an know which encription method is used,

P9sk1 or dp9ik?

I doubt I=E2=80=99m using p9sk1, even I=E2=80=99ve deleted p9sk1 l= ine from

/mnt/factotum/c= tl.

Kenji

Windows 10 =E7=89=88=E3=81=AE=E3=83=A1=E3=83=BC=E3=83=AB=E3=81=8B= =E3=82=89=E9=80=81=E4=BF=A1

=E5=B7=AE=E5=87=BA=E4=BA=BA: =E5=B2=A1=E6=9C=AC=E5=81=A5=E4=BA=8C
=E9=80=81=E4=BF=A1=E6=97=A5=E6=99=82: 2016=E5=B9=B46= =E6=9C=884=E6=97=A5 14:59
<= /span>=E5=AE=9B=E5=85=88: 9front@9front.org
= =E4=BB=B6=E5=90=8D: RE: [9= front] The last CD distribution

Yes, I`ve read that docume= nt, but still fails.

When I dispatch= ed the command on my pc64 auth server(=3Dfile/cpu server) of

passwd like:

titan: passwd kokamoto

then I got

Plan9 password: <password input>

Passwd: AS protocol botch.

<= span lang=3DEN-US>When I try to login from a terminal, I got

Post=E2=80=A6

<= span lang=3DEN-US>!Adding key: dom=3Dxxxx proto=3Ddp9ik

User[kokamoto]: <just CR>

<= p class=3DMsoNormal>Password: <my password same as ab= ove>

Back to user[kokamoto] l= ines

Any hints?

Kenji

Windows 10 =E7=89=88=E3=81=AE=E3=83=A1=E3=83=BC=E3=83=AB=E3=81=8B= =E3=82=89=E9=80=81=E4=BF=A1

=E5=B7=AE=E5=87=BA=E4=BA=BA: stanley = lieber
=E9=80=81=E4=BF=A1=E6=97=A5=E6=99=82: 2016=E5=B9=B4= 6=E6=9C=883=E6=97=A5 23= :49
=E5=AE=9B=E5=85=88: 9front@9front.org
=E4=BB=B6=E5=90=8D: Re: [9front] The last CD distribution

http://fqa.9front.org/fqa7.ht= ml#7.4.3.2<= /span>

<= /p>

= --_6F26AE53-EFB2-4DD7-BE01-3DB7E5B1797E_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from duke.felloff.net ([216.126.196.34]) by ur; Sat Jun 4 10:13:51 EDT 2016 Message-ID: <262cd60a53bcb365c275b3153c090ba8@felloff.net> Date: Sat, 4 Jun 2016 16:13:43 +0200 From: cinap_lenrek@felloff.net To: 9front@9front.org Subject: RE: [9front] The last CD distribution In-Reply-To: <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: abstract webscale enhancement-based JSON over YAML realtime STM-scale engine method > Yes, I`ve read that document, but still fails. > When I dispatched the command on my pc64 auth server(=file/cpu server) of > passwd like: > titan: passwd kokamoto > then I got > Plan9 password: > Passwd: AS protocol botch. what command did you dispatch here? lets break it down systematically please. authentication with p9sk1 or dp9ik have 3 parties involved: - the client - the server - the AS (authentication server) the server has its hostowner key, which is derived from hostowner user name and the password. it is loaded into factotum from nvram on boot or secstore or manually entered when it boots. the client is the same, it has its own hostowner user and password but usually dosnt prompt for it on boot. when you need to authenticate, factotum will prompt for username and password if it doesnt have the key already. the client doesnt need to know the servers key, and the server doesnt need to know the clients key. the authentication server needs to have the keys for both client and server in its keydb. nothing has changed between p9sk1 and dp9ik in that regard. what changed is that dp9ik uses new 128 bit aes key instead of 56 bit des key. nvram and keydb can store both keys at the same time. keydb however needs to be converted to aes format to be able to store the new keys. auth/convkeys will just change the format, but will not set valid aes keys for the users. so the first step is to convert keydb on the auth server to the aes format. if your auth server uses nvram to decrypt the keydb, you should also use auth/wrkey so it will be able to decrypt the new keydb after reboot. keyfs needs to be restarted after converstion... reboot the AS. then, set new passwords with eigther auth/changeuser or passwd. the passwd method will fail when the -N flag to authsrv is set but there are no aes keys set for the user yet! maybe this is causing the trouble. in that case, you can use auth/changeuser on the authserver directly with /mnt/keys in your namespace or temporarily remove the -N flag from /rc/bin/service.auth/tcp567 once the authserver has both keys for the client and the server, you can attempt updating nvrams and secstores of your file and cpu servers and terminals. -- cinap From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.44]) by ur; Sat Jun 4 20:21:07 EDT 2016 Received: from [IPv6:::ffff:192.168.11.16] (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa11.mozu.eo.k-opti.ad.jp with ESMTP id u550Kxbk026214 for <9front@9front.org>; Sun, 5 Jun 2016 09:21:00 +0900 Message-Id: <201606050021.u550Kxbk026214@mailmsa11.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 To: "9front@9front.org" <9front@9front.org> From: =?utf-8?Q?=E5=B2=A1=E6=9C=AC=E5=81=A5=E4=BA=8C?= Subject: RE: [9front] The last CD distribution Date: Sun, 5 Jun 2016 09:20:48 +0900 Importance: normal X-Priority: 3 In-Reply-To: <262cd60a53bcb365c275b3153c090ba8@felloff.net> References: <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> <262cd60a53bcb365c275b3153c090ba8@felloff.net> Content-Type: multipart/alternative; boundary="_9D935AA1-B3BE-4A86-8AA2-D1B586DE0B03_" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: mobile service WEB2.0 scripting grid-based frontend --_9D935AA1-B3BE-4A86-8AA2-D1B586DE0B03_ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" >what command did you dispatch here? As I wrote, it=E2=80=99s passwd command for kokamoto >lets break it down systematically please. Sorry, however, if I could do it, I=E2=80=99ll never face this problem, I t= hink. >then, set new passwords with eigther auth/changeuser or passwd. I tried both. >the passwd method will fail when the -N flag to authsrv is set but there are no aes keys set for the user yet! Yes, I think this the problem I faqcing. When I see /mnt/keys/kokamoto, there are several files, however, Which file sizes are all zero. >temporarily remove the -N flag from /rc/bin/service.auth/tcp567 I tried this. 1) remove -N frag from /rc/bin/service.auth/tcp567 2) reboot the auth/file/cpu server 3) auth/changeuser comman for kokamoto 4) of course, now I can login from a terminal, I tested. 5) Now add -N flag on tcp567 above 6) reboot the auth/file/cpu server 7) tried to login myselef from a terminal 8) the terminal says =E2=80=A6. Post=E2=80=A6 !Adding key: dom=3Dxxxxx proto=3Ddp9ik User[kokamoto] 9) then, I input password of myself 10) CONGRATULATIONS! yes, I can login to the terminal 11) However, when I see /mnt/keys/kokamoto on the auth server I see several files, however the sizes are all zero yet Yes, your advice solved my problem, although I still have ? on (11). Thanks a lot! I can now work on my purpose. Kenji --_9D935AA1-B3BE-4A86-8AA2-D1B586DE0B03_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

>what command did you dispatch here?

As I wrote, it=E2=80=99s passwd command for kokamoto=

>lets break it down systematically = please.

Sorry, however, i= f I could do it, I=E2=80=99ll never face this problem, I think.

<= p class=3DMsoNormal>

>then, set new passwords with eigther au= th/changeuser

or passwd.<= /span>

I tried both.

<= p class=3DMsoNormal>

>the passwd method will fail when the -N= flag to authsrv

is set b= ut there are no aes keys set for the user yet!

Yes, I think this the problem I faqcing.

When I see /mnt/keys/kokamoto, there are se= veral files, however,

Whi= ch file sizes are all zero.

>= temporarily remove the -N flag from

/rc/bin/service.auth/tcp567

I tried this.

1) remove -N frag from /rc/bin/= service.auth/tcp567

2) reboot the auth/file/cpu server=

3) auth/changeuser comman for kokamoto

4) of course, now I can login from a terminal, I tested.

<= p class=3DMsoListParagraph style=3D'margin-left:18.0pt;mso-para-margin-left= :0gd;text-indent:-18.0pt;mso-list:l0 level1 lfo1'>5) Now add -N flag on tcp567 above

6)= reboot= the auth/file/cpu server

7) = tried to login myselef fr= om a terminal

= 8)<= span style=3D'font:7.0pt "Times New Roman"'> the terminal says

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =E2=80=A6.

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0 Post=E2=80=A6

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 !Adding key: dom=3Dxxxxx proto=3Ddp9ik

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 User[kokamoto]

9) then, I input password of myself

10) <= /span>CONGRATULATIONS!

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 yes,= I can login to the terminal

11) = However, when I see /mnt/keys/kokamoto = on the auth server

=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 I = see several files, however the sizes are all zero yet

Yes, your advice solved my problem, although I still = have ? on (11).

&nbs= p;

Thanks a lot!

I can now work on my purpos= e.

Kenji

= --_9D935AA1-B3BE-4A86-8AA2-D1B586DE0B03_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.20]) by ur; Sat Jun 4 20:26:25 EDT 2016 Received: from [IPv6:::ffff:192.168.11.16] (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa11.mozu.eo.k-opti.ad.jp with ESMTP id u550QI3a027713 for <9front@9front.org>; Sun, 5 Jun 2016 09:26:18 +0900 Message-Id: <201606050026.u550QI3a027713@mailmsa11.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 To: "9front@9front.org" <9front@9front.org> From: =?utf-8?Q?=E5=B2=A1=E6=9C=AC=E5=81=A5=E4=BA=8C?= Subject: RE: [9front] The last CD distribution Date: Sun, 5 Jun 2016 09:26:07 +0900 Importance: normal X-Priority: 3 In-Reply-To: <201606050021.u550Kxbk026214@mailmsa11.mozu.eo.k-opti.ad.jp> References: <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> <262cd60a53bcb365c275b3153c090ba8@felloff.net> <201606050021.u550Kxbk026214@mailmsa11.mozu.eo.k-opti.ad.jp> Content-Type: multipart/alternative; boundary="_CB382FF1-B18E-46B2-9DCC-BA074001C468_" List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: open-source open hypervisor hosting method --_CB382FF1-B18E-46B2-9DCC-BA074001C468_ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If the process was expected one. We have to reboot the auth/file/cpu server whenever we add a user onto this system. Am I wrong? Kenji --_CB382FF1-B18E-46B2-9DCC-BA074001C468_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

If the process was = expected one.

We have to = reboot the auth/file/cpu server whenever we add

a user onto this system.

Am I wrong?

Kenji

= --_CB382FF1-B18E-46B2-9DCC-BA074001C468_-- From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.20]) by ur; Sat Jun 4 20:37:40 EDT 2016 Received: from mars.jitaku.localdomain (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa11.mozu.eo.k-opti.ad.jp with ESMTP id u550bYAp030862 for <9front@9front.org>; Sun, 5 Jun 2016 09:37:34 +0900 To: 9front@9front.org Subject: RE: [9front] The last CD distribution Date: Sun, 5 Jun 2016 09:37:33 +0900 From: kokamoto@hera.eonet.ne.jp Message-ID: In-Reply-To: <201606050026.u550QI3a027713@mailmsa11.mozu.eo.k-opti.ad.jp> References: <201606040559.u545xkD6026946@mailmsa12.mozu.eo.k-opti.ad.jp> <262cd60a53bcb365c275b3153c090ba8@felloff.net> <201606050021.u550Kxbk026214@mailmsa11.mozu.eo.k-opti.ad.jp> <201606050026.u550QI3a027713@mailmsa11.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: virtual basic DOM-based markup-aware GPU control Hehehe I'm now writing this email from a plan9 terminal! Kenji From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from duke.felloff.net ([216.126.196.34]) by ur; Sat Jun 4 21:44:06 EDT 2016 Message-ID: <005ef1d6698a8423dc46792462d84760@felloff.net> Date: Sun, 5 Jun 2016 03:43:58 +0200 From: cinap_lenrek@felloff.net To: 9front@9front.org Subject: RE: [9front] The last CD distribution In-Reply-To: <201606050026.u550QI3a027713@mailmsa11.mozu.eo.k-opti.ad.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: shared abstract SOAP service hypervisor-aware controller > If the process was expected one. > We have to reboot the auth/file/cpu server whenever we add > a user onto this system. > Am I wrong? > Kenji that depends. the authserver needs to be rebooted after you converted to aes format. or at least you'd have to kill the listener for /rc/bin/service.auth and restart it with a new instance of auth/keyfs in its namespace. you might need to reboot your cpu/file server, or install the new dp9ik key to its hostowner factotum manually by mounting /srv/factotum and write the ctl file. a reboot can do that given you have updated its nvram or installed the new key in secstore. if you already had a dp9ik key in its factotum and they match with what the authserver has in its keydb, then no reboot is neccesary. the most important thing is making sure the authserver's database has the keys for your cpu/file/auth server's hostowners. once you have that you can use auth/debug or try to authenticate as these users and see if everything works and make sure the clients and server have the right keys in ther factotums. if the authserver doesnt have keys for your server and terminal it cannot work. on the client side, you only get "key mismatch" error when your client key doesnt match with the authserver. the client can detect this as it will fail to decrypt the ticket from the authserver. if the server's key doesnt match the authservers you get protocol botch error. this is because the server will terminate the connection when it gets a ticket it cannot decrypt. -- cinap From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mta01.eonet.ne.jp ([203.140.81.44]) by ur; Sun Jun 5 03:50:06 EDT 2016 Received: from titan.jitaku.localdomain (101-141-38-58f1.osk3.eonet.ne.jp [101.141.38.58]) by mailmsa11.mozu.eo.k-opti.ad.jp with ESMTP id u557nx6j005481 for <9front@9front.org>; Sun, 5 Jun 2016 16:49:59 +0900 To: 9front@9front.org Subject: RE: [9front] The last CD distribution Date: Sun, 5 Jun 2016 16:49:59 +0900 From: kokamoto@hera.eonet.ne.jp Message-ID: <51d3a7502b1a097d1cd950dc5c9c8d1c@titan.jitaku.localdomain> In-Reply-To: <005ef1d6698a8423dc46792462d84760@felloff.net> References: <005ef1d6698a8423dc46792462d84760@felloff.net> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: non-blocking general-purpose method-oriented manager Thank you cinap, very much. This is a clear teaching to me. Now, I think I undestand it clearly. Now, secstore also works for my system. Kenji