>> cpu% mount -n /mnt/term/srv/sources /n/sources >> >> !Adding key: dom=outside.plan9.bell-labs.com proto=p9sk1 >> user[nwf]: > > Why is the terminal able to use /srv/sources to mount /n/sources but the cpu > server isn't able to use exportfs's access to /srv/sources to do the same?
mount -n doesn't ask for keys, despite what this transcript looks like. If you run ps on both systems (in other windows), I bet you will find that the /factotum -g process asking for the key is running on your terminal, not the cpu server. When the cpu server mounts /mnt/term/srv/sources, it sends Tread and Twrite requests for /srv/sources to the exportfs serving /mnt/term. That's a 9P conversation inside a 9P conversation, i.e. the payloads of the Tread and Rwrite messages are themselves 9P messages. Clumsy fact #1: After an fd has been mounted, ordinary read and write system calls are not allowed on it: the kernel owns the 9P connection now. Not doing this would require serious effort in the kernel, since user-level reads and writes would interfere with the kernel's reads and writes. The obvious implementation of Tread/Twrite in exportfs-- call the read and write system calls on the underlying fd-- can't work for exporting /srv/sources, because the kernel owns the 9P connection. Instead, exportfs mounts /srv/sources onto /mnt/exportfs/1 and then invokes itself recursively to serve /mnt/exportfs/1 onto a freshly created pipe. Then it translates the Tread/Twrite messages for /srv/sources into read and write system calls on that pipe. Clumsy fact #2: 9P is really intended for two use cases: either the server never requires authentication (in which case it replies to Tauth with an Rerror), or it always does (in which case it replies to Tauth with Rauth and you authenticate on that fid). Sources is an attempt to have it both ways: if you don't offer to authenticate (don't bother sending a Tauth), sources won't ask you to, but if you do offer, you have to follow through. In contrast, when you offer to authenticate to, say, the plumber, it just waves you off. In hindsight, a better way to do the dual-mode sources would have been to announce on two different ports, one with authentication and one without. But what's done is done. So... When cpu's exportfs mounts /srv/sources in order to start serving /mnt/term/srv/sources, it uses amount(2) (just like mount does without -n), which offers to authenticate and then causes the prompt. The -n flag to srv only affects the mount that srv does, not future mounts. The easiest thing to do is pretend this didn't happen and just mount sources directly from phlogiston. If that machine doesn't have network connectivity to sources, you could bind /mnt/term/net /net; 9fs sources Russ
