From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 25404 invoked from network); 2 Dec 2020 20:25:06 -0000 Received: from ewsd.inri.net (107.191.116.128) by inbox.vuxu.org with ESMTPUTF8; 2 Dec 2020 20:25:06 -0000 Received: from mail-ej1-f45.google.com ([209.85.218.45]) by ewsd; Wed Dec 2 15:23:37 -0500 2020 Received: by mail-ej1-f45.google.com with SMTP id f23so21702ejk.2 for <9front@9front.org>; Wed, 02 Dec 2020 12:23:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=kcOpzADvU4gGtsOfoqfDb6qmkxkfVlwz2PeEyI8Ageo=; b=T+QpaWvrY4xDnjzV/1t07UFEKkRMVIKhLnGnogs6JzpT7i0bbR5jIg8s1DjjTP8yYf Lk4LAPIlFMvY5YaGl12dpJ5NN8WrOD3FNuRjZ/tHT0YF2+q7CDPrbsUbz7yDz8dWNf+A JuwyaP8FbuC1qQtAv20EYQEqA0pSKOKT79hw+JfD2F7qWvEoDRI7YXVxaELvxFPBmt/h 30m/t9cWGjzPaq9j911kLjALsTeqvNPwiO9Hsokzycs0NtcbfOkiiPSCj2zjhQnLlOX8 VoxeELDEQsxnnosThp9xm3qfnA33svXlYJCo/SVotUGC+eihFQe6ohyMgo++TDaePENS nT0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-transfer-encoding; bh=kcOpzADvU4gGtsOfoqfDb6qmkxkfVlwz2PeEyI8Ageo=; b=AEYU1uS0nhLYKchdD0LaG+sasH2xQ0di05VWg1SB1BOnSTQ2AYi26yK/eCEnUuE+ly 57ROrw1WPvwRSn+ubNiCXg2bD9Qc+RRyt4yeCdV199hnBP6QxQjpSQkZU00T0j7Pd+2Q oNcbfaAJG0mmBT6TEFnomyEk6HKXxnya6/DD0sLnDl0OFstTMOxOMfw6BwE5C2LOrrO3 PZx67IQlxj+hUbomARYp0gbmSv5Zz7woWQyDpnyObp+xuV3K0t96kXP2+M26UT2+J4/z +rtAIMnytb1Ns4VW71h37azhkRnm3MlghqIw7pum3Yd7NWGBlasDlFI5NZ5GgteZEia6 Qg6g== X-Gm-Message-State: AOAM5318xhnHeS5TMibJqk6FrqadtJW0sNgxcqVnm//M+U8JELdax5Nv 0bc5Y5jYnan/061eHRcOdhdMFP3mCbgmNvDFGGGw6SvYxng= X-Google-Smtp-Source: ABdhPJzy/XytiWUsgimNPrEYYdTq35+mEhtmKAfKqVRX9EsXANAEgdPnaJlqdC4bVoBo7p5OfqruZIZ+MEUDcNms9kY= X-Received: by 2002:a17:907:411b:: with SMTP id nw19mr1466383ejb.150.1606940608078; Wed, 02 Dec 2020 12:23:28 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a17:906:6848:0:0:0:0 with HTTP; Wed, 2 Dec 2020 12:23:27 -0800 (PST) In-Reply-To: References: <98CB8CF6-6399-4A0D-B9C5-F01672F230E7@me.com> <8B248954-6CF0-49FD-9AC1-CA06D8070347@me.com> From: hiro <23hiro@gmail.com> Date: Wed, 2 Dec 2020 21:23:27 +0100 Message-ID: To: 9front@9front.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: ISO-certified proven method reduce/map framework Subject: Re: [9front] possible file server setup Reply-To: 9front@9front.org Precedence: bulk yeah as sam-d says. on boot you can enter the password into a keyboard. then there is no need for nvram. and dp9ik uses only passwords, no complicated certificate chains that need special storage... On 12/2/20, Silas McCroskey wrote: >> I was wondering wether it is possible to have a separate auth server tha= t >> TCP/PXE boots from the fileserver. It looks like the idiomatic way on on= e >> end, a =E2=80=9Cchicken and egg=E2=80=9D problem on the other! > > you can auth to another machine without using an auth server as long > as you're authing as the server's hostowner. > > You can use this trick to bring the auth server up second via PXE > (with nvram on a USB stick or something to make it automatic, if > desired) and then use the auth server for everything else. > > I don't know how common this is... I'm pretty sure I did it with VMs a > while back, but on hardware I've always run combined file + auth. > > - sam-d >