> The failure mode was reported as a missing "service=sshserve" key in
> factotum, whereas it seems to have been a file access (permissions?)
> problem (none can't get where eve can).  That none can Bopen()
> /mnt/factotum/ctl but can't read its contents is also a bit strange.

Reading /mnt/factotum/ctl only gives you the keys you are allowed to use.

factotum(4) says:

          The factotum owner can use any key stored by factotum.  Any
          key may have one or more owner attributes listing the users
          who can use the key as though they were the owner.  For
          example, the TLS and SSH host keys on a server often have an
          attribute owner=* to allow any user (and in particular,
          `none') to run the TLS or SSH server-side protocol.

Therefore the example in ssh(1) for generating a key should say:

        auth/rsagen -t 'service=sshserve owner=*' >/mnt/factotum/ctl

