4th Ed. test Cpu/auth server setup
The cpu/auth server is the first machine that should be installed when setting up a plan 9 network. A good overview of the process is available from the Bell-labs Plan9 Wiki page "configuring a standalone CPU server". Before upgrading our existing 3rd Ed. network to the 4th Ed. we setup a test auth/cpu server. what follows are the notes from that process.
During the diskprep stage of the install we add a nvram partitions. To do this, use "p" to print the partition table. We are interested in the default fs partition, which we are going to decrease in size to make room for the nvram partition. For us the fs partition starts at 20482 and ends at 16826619 To change the partitions, enter commands like:
d fs a fs 20382 16826618 a nvram 16826618 16826619 w q
After doing the install, the next thing to do is add the account of the cpu owner. Infomation on adding users be found in the configuration page.
Login as "glenda" and turn of permission checking on the kfs file system:
disk/kfscmd allow
add a line like
10002:bootes:bootesto /adm/users, run kfscmd user to read the user database back into kfs and then run
disk/kfscmd 'create /usr/bootes bootes bootes 775 d' disk/kfscmd 'create /mail/box/bootes bootes upas 775 d' disk/kfscmd 'create /mail/box/bootes/mbox bootes upas 622 al'to setup bootes's home directory and mail box.
Turn back on filesystem checking and halt the filesystem
disk/kfscmd halt
Now reboot the machine using ctrl-alt-del and login as bootes (note the window system will not start at this point) next run
/sys/lib/newuserto set up a profile and start the window system.
Build and install an auth server kernel. We made modifications to the pcauth . file to support more hardware. We also added the etherga620.c driver to support the acenic cards .
disk/kfscmd allow cd /sys/src/9/pc mk 'CONF=pcauth' 9pcauth 9fat: cp 9pcauth /n/9fat/9pcauth disk/kfscmd disallow disk/kfscmd sync
modify /n/9fat/plan9.ini to use the new kernel.
invalidate the nvram using:
echo somegarbagehere > /dev/sd00/nvram
The next step is to setup networking by editing /rc/bin/cpurc and /lib/ndb/local as described in the Getting Started with plan 9 paper.
It is important to add an authdom line to /lib/ndb/local to make 4th Ed. authentication work. Note we had to have a class B section in both ndb files since we have a class B addresses.
The next setup is to make a number of changes to /rc/bin/cpurc as outlined in the Getting Started with plan 9 paper. Including enabling dhcp and tftp for the booting of diskless clients. Our cpurc . includes sections from termrc in order to run rio on the auth server.
Set up /lib/ndb/auth so that the cpu owner user is allowed to become any user
hostid=bootes uid=!sys uid=!adm uid=*
setup custom authenication services for the cpu/auth server:
disk/kfscmd allow cp /rc/bin/service.auth/authsrv.il566 /rc/bin/service.auth/il566 cp /rc/bin/service.auth/authsrv.tcp567 /rc/bin/service.auth/tcp567 mv /rc/bin/service/il566 /rc/bin/service/_il566 mv /rc/bin/service/tcp567 /rc/bin/service/_tcp567 echo '#!/bin/cpu -R' > /rc/bin/service/il17010 echo '#!/bin/cpu -R' > /rc/bin/service/tcp17010 chgrp sys /rc/bin/service/*17010 chgrp -u sys /rc/bin/service/*17010 chmod +x /rc/bin/service/*17010 disk/kfscmd disallow disk/kfscmd sync
Connect the Gigbit ethernet fibres and reboot the machine. After the reboot it will ask for the passwd of the cpu owner user (bootes), secstore key, authentication id (bootes) and an authentication domain (acl.lanl.gov) make sure the authentication id matches the authdom in /lib/ndb/local.
Now add some user accounts using auth/changeuser in particular and account for bootes:
/auth/enable bootes /auth/changeuser bootesat this point you should be able to connect to the cpu/auth server using a 4th Ed. terminal.
Last Modified: May 27 2002
dpx@acl.lanl.gov