[9fans] how to use secstore in p9p

Discussion:

(too old to reply)

Rudolf Sykora

2012-12-07 15:42:32 UTC

Hello,

please, what do I have to do in order to use secstore on linux with plan9port?
(I do not like having to type the keys into factotum manually...)

I guess I must somehow run sectored, somehow add myself to be a user
of sectore, set up password, create a factotum file within secstore.
I tied several things, but still can't make it run.

I think I, by running 'secuser ruda', added myself to the sectore.
I am now at a point when this happens:

;secstored
;redstar Dec 7 15:53:02 ANNOUNCE tcp!*!5356

;secstore -s 'tcp!redstar!secstore' -g factotum
secstore password: redstar Dec 7 15:55:55 no ndb/auth
redstar Dec 7 15:55:55 secstore from ?!?

But I don't know what's going on. I don't understand the part about
'no ndb/auth'...
I can't really find simple instructions about the topic.

Can you shed some light on this for me, please?

Thanks!

Ruda

Rudolf Sykora

2012-12-08 17:29:46 UTC

Permalink

Post by Rudolf Sykora
;secstore -s 'tcp!redstar!secstore' -g factotum
secstore password: redstar Dec 7 15:55:55 no ndb/auth
redstar Dec 7 15:55:55 secstore from ?!?

Well, I moved on a bit.
Now I have a factotum file in secstore.

However I can't make factotum read the file when it starts.
I run
;secstored
;redstar Dec 8 18:20:27 ANNOUNCE tcp!*!5356
which seems ok. I then try

;factotum
redstar Dec 8 18:20:32 secstore from ?!?

... and that's it, I don't get the prompt back, it hangs...

I have an environmental variable sectore set to 'localhost'
I have another one, auth, also set to 'localhost'.
(I don't know what really uses these, if any, but at least the 1st
seems to be used when factotum tries to find running sectore.)

Also, I created an empty file $PLAN9/ndb/auth, which for some reasons makes the
no ndb/auth
part of the message reported in my previous mail disappear (I found
this in one of the Russ' mail to someone).
But what is this about?

Thanks
Ruda

David du Colombier

2012-12-08 18:27:41 UTC

Permalink

Post by Rudolf Sykora
;factotum
redstar Dec 8 18:20:32 secstore from ?!?
... and that's it, I don't get the prompt back, it hangs...

Please apply the following patch. It should fix your problem.

http://codereview.appspot.com/6906057

cd $PLAN9
hget http://codereview.appspot.com/download/issue6906057_2002.diff | patch -p1
cd src/cmd/auth/factotum/
mk nuke && mk install && mk clean

This is a remnant of a bug we fixed two years ago.

--
David du Colombier

r***@gmail.com

2012-12-09 15:20:49 UTC

Permalink

Post by David du Colombier
Please apply the following patch. It should fix your problem.
http://codereview.appspot.com/6906057
cd $PLAN9
hget http://codereview.appspot.com/download/issue6906057_2002.diff | patch -p1
cd src/cmd/auth/factotum/
mk nuke && mk install && mk clean
This is a remnant of a bug we fixed two years ago.
--
David du Colombier

Thanks for the patch. This helped and what I wanted (with secstore)
now works. Still I dare have a few remaining questions:

When I now run factotum, I get:

;factotum
redstar Dec 9 15:08:15 secstore from ?!?
secstore password:
redstar Dec 9 15:08:18 secstore from ?!?
redstar Dec 9 15:08:52 AUTH ruda
redstar Dec 9 15:08:52 [ruda] GET factotum

redstar Dec 9 15:08:52 [ruda] BYE

which is ok, but there still is a few-second-long delay (say 10 sec)
between me entering the password and the response (initially I thought
the thing had hung again). So
1/ Why is there the delay?
2/ What does the 'secstore from ?!?' message want to convey?

Finally,
3/ I've created an empty $PLAN9/ndb/auth file in order to get rid of the
'no ndb/auth' message, which used to appear when trying to run the
'sectore' command. What is this all about?

Thanks again for the working patch and for any potential answer to my
questions!

Ruda

r***@gmail.com

2012-12-09 15:18:32 UTC

Permalink

David du Colombier

2012-12-09 17:14:12 UTC

Permalink

Post by r***@gmail.com
1/ Why is there the delay?

I think the delay you observe is caused by aesCBCencrypt or
aesCBCdecrypt trying to find some entropy from /dev/random.

Try to move the mouse or do something else when secstored
is encrypting or decrypting the secstore.
It should speed up the process.

Post by r***@gmail.com
2/ What does the 'secstore from ?!?' message want to convey?

"?!?" should be the IP address of the secstore client,
but since there is no /net/tcp/*/remote file on Unix,
it cannot display it.

Post by r***@gmail.com
3/ I've created an empty $PLAN9/ndb/auth file in order to get rid of
the 'no ndb/auth' message, which used to appear when trying to run the
'sectore' command. What is this all about?

This is needed for RADIUS authentication.
It's probably useless in your case.

--
David du Colombier

Rudolf Sykora

2012-12-09 18:06:53 UTC

Permalink

Post by David du Colombier

Post by r***@gmail.com
1/ Why is there the delay?

I think the delay you observe is caused by aesCBCencrypt or
aesCBCdecrypt trying to find some entropy from /dev/random.
Try to move the mouse or do something else when secstored
is encrypting or decrypting the secstore.
It should speed up the process.

Post by r***@gmail.com
2/ What does the 'secstore from ?!?' message want to convey?

"?!?" should be the IP address of the secstore client,
but since there is no /net/tcp/*/remote file on Unix,
it cannot display it.

This is needed for RADIUS authentication.
It's probably useless in your case.
--
David du Colombier

Ok. Thanks for the explanation!
Ad 1/: yes I really noticed the delay is shorter when mouse is moved.

Ruda

r***@gmail.com

2012-12-09 14:43:00 UTC

Permalink