On Monday 10 August 2009 02:55:58 Steve Simon wrote:
> The machine key _is_ the hostowner's password, DES encrypted with
> the hostowner's name, the details are in the code.
>

The hostowner's password stored in nvram, and the hostowner's password stored in the authentication database served by keyfs can be set to different strings - but the documentation suggests that they should match:

http://plan9.bell-labs.com/wiki/plan9/Configuring_a_Standalone_CPU_Server

"
REBOOT
Reboot the machine. [...] It will ask for an authid, authdom, secstore key, and password. [...] Remember the password, you will need it again later when creating the 'bootes' user.
"

... and later:

"
AUTHENTICATION SERVER CONFIGURATION
Firstly, you must set the password for bootes using auth(8) and the password you just entered during bootup:

auth/changeuser bootes
"

I'm curious if there are repercussions, and of what nature, if they do not match.

> the secstore key is just that, it is useful for storing account
> details that the hostowner may need - for example I keep my
> sources account in hostowner's secstore so I can cpu -u bootes
> to become hostowner and then do a pull.
>
> I have to type in the hostowner's secstore key about once a year - though
> it is read from the nvram to unlock the hostowner's secstore on every boot
> of my cpu/auth/file server.
>
> I use the hostowner's key once a week or so to cpu in to do a pull or if
> I need access to the server's /dev/kmesg or devices.
>

Cool thanks -- so, it's the machine key that is only ever used by the machine itself and never by a human being after it has been set?