From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <9front-bounces@9front.inri.net> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: from 9front.inri.net (9front.inri.net [168.235.81.73]) by inbox.vuxu.org (Postfix) with ESMTP id C0B7426AE7 for ; Thu, 27 Jun 2024 11:19:25 +0200 (CEST) Received: from sirjofri.de ([5.45.105.127]) by 9front; Thu Jun 27 05:17:34 -0400 2024 Received: from dummy.faircode.eu ([95.90.217.91]) by sirjofri.de; Thu Jun 27 11:17:29 +0200 2024 Date: Thu, 27 Jun 2024 11:17:26 +0200 (GMT+02:00) From: sirjofri To: 9front@9front.org Message-ID: <77e4bb43-6a6e-4da5-879f-47611142e840@sirjofri.de> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Correlation-ID: <77e4bb43-6a6e-4da5-879f-47611142e840@sirjofri.de> List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: ISO-certified distributed blockchain package solution Subject: Re: [9front] local auth without cpu service Reply-To: 9front@9front.org Precedence: bulk Hi, I guess there's some big misunderstanding. Factotum doesn't need secstore, not does it need any working network configuration. You can just start factotum and use it. However, factotum needs the keys. The canonical way to feed it with keys is by using secstore, but that's not a hard dependency. Also, in the future there will be some "replacement" for secstore, for security reasons. To keep things short, to feed factotum with keys: auth/factotum -n # run factorum without asking secstore echo $mykey > /mnt/factotum/ctl # key syntax the same as with secstore Use it! There's one thing to note: factorum expects keys one write at a time. That means you can't just cat your secrets from a file that easily, but you can drop a "read -m" between it: cat mysecrets | read -m > /mnt/factotum/ctl (I think it was read with -m). Your mysecrets file should be encrypted in a way, or otherwise secured. sirjofri 27.06.2024 09:18:33 alex : > Hello, > > I would like to use factotum on my notebook, without running a cpu service on it (since it is the only 9front device in my network at the moment). > > At the moment I don't understand all the dependencies, but when I understand the fqa correctly, I think it is something like this: > > - edit /lib/ndb/local, so the local system will be used as auth (setting "auth" and "authdom" matching to "sys", "ipnet" and "dom") > - setting nvram in plan9.ini (in the fqa it states: "nvram=#S/YOURDRIVE/nvram", so I've added "nvram=#S/sdE1/nvram", but I'm not sure whether it should read "nvram=local!/dev/sdE1/nvram", since "ls #S" is showing glenda's home dir and nobootprompt in plan9.ini has the value "local!/dev/sdE1/fscache") > - running auth/wrkey (for making use of the nvram?) > - adding user to the auth server ("auth/keyfs" and "auth/changeuser glenda") > - set up secstored ("mkdir /adm/secstore" and "chmod 770 /adm/secstore") > - start secstored at boot time ("echo auth/secstored > /cfg/$sysname/termrc") > - adding glenda to secstore (auth/secstore glenda") > - using secstore with ipso > > I can't use ipso ("secstore read failed - bad password?"), but I think, I know why that is.. I've set no secstore password in auth/wrkey, but I've added glenda to secstore setting a password). Are these steps correct in principle? Can I redo my first auth/wrkey prompts? > > Thank you very much in advance! > > Best regards, > Alex