You don't need to run a second authentication server,
just a second authentication domain.  The way to do this
is to start the fossil as normal but then replace the usual
aux/listen command with

@{
    rfork n
    auth/factotum
    read -m new.factotum >/mnt/factotum/ctl
    aux/listen tcp
}

and then the listeners will be using the new factotum.
If you put in new.factotum (which should be handled
some other way but so be it) a key like

key proto=p9sk1 user=davide dom=other.cs.cmu.edu !password=asdf

then you will find that cpu'ing into that machine will prompt
for a key from other.cs.cmu.edu, and your account will
be the only one that works (any others would require 
an authentication server).

Russ
