On Tue, May 06, 2008 at 01:10:12PM +0100, [EMAIL PROTECTED] wrote:
> i haven't used the inferno 9auth stuff to log in as more
> than one user, hence i guess i wouldn't have tickled that bug.
> 
> what does 'cat /mnt/factotum/ctl' report after adding the key for user=nwf?

I'm really confused now; I'm going to forward this to 9fans in hopes that
somebody can explain.  [For those of you now joining the conversation, the
original, off-list thread was started because Inferno's factotum and infauth
wouldn't let me play the first dance here; the second 9cpu, with -k
'user=bootes' still logged me in as nwf without prompting for a key.]

On my Plan 9 terminal, if I run

term% echo delkey > /mnt/factotum/ctl
term% cpu -h sea.cs.jhu.edu -k 'user=nwf'
[add key dance]
cpu% exit
term% cpu -h sea.cs.jhu.edu -k 'user=bootes'
[add key dance]
sea# exit
term% cat /mnt/factotum/ctl
key proto=p9sk1 dom=acm.jhu.edu user=nwf password!
key proto=p9sk1 dom=acm.jhu.edu user=bootes password!

This is as I expect.  But if I reverse the order of the cpu commands, I
don't get asked for nwf@'s password.  If I then try to log in as another
real user on the system, I get asked for that user's password.

term% echo delkey > /mnt/factotum/ctl
term% cpu -h sea.cs.jhu.edu -k 'user=bootes'
[add key dance]
sea#
term% cpu -h sea.cs.jhu.edu -k 'user=nwf'
[no key dance is necessary]
cpu%
term% cpu -h sea.cs.jhu.edu -k 'user=me'
!Adding key: dom=acm.jhu.edu proto=p9sk1 user=me
[I don't know me@'s password, so I abort by pressing Del.]
cpu: can't authenticate: sea.cs.jhu.edu: auth_proxy rpc write:
[EMAIL PROTECTED]: '/factotum' file does not exist.
term% cat /mnt/factotum/ctl
key proto=p9sk1 dom=acm.jhu.edu user=bootes password!

sea's /lib/ndb/auth contains the usual speaksfor relationship:
  hostid=bootes uid=!sys uid=!adm uid=*

sea's /lib/keys.who contains:
  bootes|bootes host owner|bootes|JHUACM|[EMAIL PROTECTED]|[EMAIL PROTECTED]
  nwf|nwf|Nathaniel Wesley Filardo|JHUACM|[EMAIL PROTECTED]|[EMAIL PROTECTED]
  me||Venkatesh Srinivas|JHUACM|[EMAIL PROTECTED]|[EMAIL PROTECTED]

sea's /lib/users contains:
  adm:adm:adm:sys,bootes
  glenda:glenda:glenda:
  bootes:bootes::
  me:me::
  nwf:nwf::
  sys:sys::glenda,me,nwf,bootes

My username on my terminal is nwf.

The question is: why don't I have to present a password to log in as nwf@
after I have logged in as bootes?  Why doesn't this explanation hold for
[EMAIL PROTECTED]

Thanks much.
--nwf;
