Thanks Russ for the typically thoughtful and informative reply. You
are perhaps the most valuable resource on any mailing list anywhere.
There ought to be an award or something.
The reason I ask is that I missed that step the first time I tried to
set up the CPU/Auth server, but I've since gone through it all again
carefully more than once, and I stll get "connection rejected" with
my Ken's file server. (Yes I know fossil/venti is the current
standard, but what can I say, I'm, perhaps irrationally, or at least
non-rationally, attached to the old file server.)
The problem is, other than going through the Wiki and 9fans archives,
which I've done, I don't have any notion of how to find out where I
went wrong. I successfully set this up in the past. I did remember to
add IL back to pccpuf, and, as I said, I followed the Wiki. I'm at a
loss.
Any pointers appreciated.
Greg
On Jul 26, 2008, at 12:15 PM, Russ Cox wrote:
In the Wiki on configuring a standalone cpu server, there is a
part that
says to run auth/keyfs to provide a password for the machine.
Assuming
a fresh install, this is done while logged in as glenda.
Is this really necessary? Is it different from zeroing the nvram and
then entering authid, password, etc.?
Yes, and yes.
Auth/keyfs is the authentication database.
It holds key info for every user in the
authentication domain it serves, including
whatever user the cpu server itself runs as.
Filling out the nvram sets the info that gets
used to initialize the cpu server's factotum.
Like any other factotum, it needs to have a key
that matches the one in authentication database.
Auth/keyfs could plausibly preinitialize the
entry for the host owner using the nvram key,
and that would be fine most of the time, but
not always. (It is possible to boot in one auth
domain but load an auth/keyfs and be an auth
server for a second domain. This is why, for
example, users with accounts on the auth
server sources.cs.bell-labs.com can mount
its fossil but not cpu to the machine.)
Russ
