Subject: [9front] Loading TLS keys from secstore during boot
Date: Sat, 8 Apr 2023 18:59:25 +0000 (UTC) [thread overview]
Message-ID: <firstname.lastname@example.org> (raw)
On an all-in-one plan9 install, auth+fs+cpu, I load the private TLS keys into factotum from cpurc (from disk). All is fine with the https, IMAP and SMTP servers, but I wonder if I can keep the keys in secstore, instead of the /sys/lib/tls/acmed/ directory.
I've created the sectsore for glenda (with the factotum file holding the TLS keys), I've run auth/wrkey again, this time filling the secstore password (of glenda). But, on boot, factotum has only the authentication keys (p9sk1, dp9ik). It is true that auth/secstored is started in my /cfg/$sysname/cpurc, when factotum is already running. So, I think I miss something and more :)
The FQA mentions that I shouldn't fill the secstore password when I run auth/wrkey on an auth server, but I don't see how else can I do it. If I run auth/secstore, it asks the password. I was hopping the kernel will load that from nvram during boot.
Why it doesn't work?
What else can I do?
next reply other threads:[~2023-04-08 19:00 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-08 18:59 ooga [this message]
2023-04-09 14:15 ` [9front] " ooga
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).