From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from duke.felloff.net ([216.126.196.34]) by ur; Fri Jun  3 07:02:45 EDT 2016
Message-ID: <31ada30979b6c9c7d6effac7e4c2172f@felloff.net>
Date: Fri, 3 Jun 2016 13:02:38 +0200
From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: Re: [9front] The last CD distribution
In-Reply-To: <201606030814.u538Esrb029095@mailmsa12.mozu.eo.k-opti.ad.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: basic patented firewall-oriented session engine 

des tickets have been disabled (2016/04/08) on the auth server to prevent
password bruteforce attack with the -N flag to authsrv in /rc/bin/service.auth/tcp567.
removing that flag would make p9sk1 work again but will get you hacked.

the prefered way is to update your keydb. if your keydb is not already
in aes format (needed to store new aes keys) you have to convert it
with auth/convkeys -pa.

then you have to set new passwords.

then update the nvrams on your servers to match the new hostowner
passwords.

finally, you might update your secstore file and delete the p9sk1 key
and replace them with dp9ik keys.

--
cinap