From: Romano <unobe@cpan.org>
To: 9front@9front.org
Subject: drawterm and factotum with no role attribute
Date: Sat, 21 Nov 2020 00:35:55 -0800 [thread overview]
Message-ID: <F0F431BFA4A73FCFDAC29257BAF52B1C@smtp.pobox.com> (raw)
This perhaps has been answered elsewhere, but I haven't been able to
find it. I could still be misunderstanding something, but I think
factotum is not documented correctly, or there's a bug in drawterm or
factotum.
In my lib/profile, I had been starting auth/factotum because upon
drawterm'ing in to the system, I didn't see any of my factotum
credentials listed in the output of 'cat /mnt/factotum/ctl', except
for two for the file server (dp9ik and 9psk1). I looked at different
documentation and websites to determine if I was missing something
simple, and nothing came up about why I would have to start factotum
again in my lib/profile. I finally decided to cat /mnt/factotum/log,
which shouled a bunch of:
1: no key matches proto=p9sk1 role=server dom?
1: failure no key matches proto=p9sk1 role=server dom?
1: no key matches proto=dp9ik role=server dom?
1: failure no key matches proto=dp9ik role=server dom?
3: no key matches proto=p9sk1 role=server dom?
3: failure no key matches proto=p9sk1 role=server dom?
3: no key matches proto=dp9ik role=server dom?
3: failure no key matches proto=dp9ik role=server dom?
4: implicit close due to second start; old attr 'proto=dp9ik role=client dom=9front'
I had a 'key proto=dp9ik dom=9front ...' line in my factotum, and
according to the factotum(4) documentation, that should have sufficed:
Any key may have a role attribute for restricting how it can
be used. If this attribute is missing, the key can be used
in any role. The possible values are:
client
for authenticating outbound calls
server
for authenticating inbound calls
speakfor
for authenticating processes whose user id does not
match factotum's.
I added the specific role= for both 'client' and 'server' (so two
separate line entries in factotum), and that allowed me to
successfully login and to have /mnt/factotum/ctl show all my secstore
factotum lines.
Has anyone come across this themselves? Am I misunderstanding the
documentation? Shouldn't 'key proto=dp9ik dom=9front ...' without a
role attribute suffice?
reply other threads:[~2020-11-21 8:36 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=F0F431BFA4A73FCFDAC29257BAF52B1C@smtp.pobox.com \
--to=unobe@cpan.org \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).