Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[9fans] secstore account expired, how fix it using only drawterm

62 views
Skip to first unread message

Robert Raschke

unread,
Jan 4, 2010, 1:56:18 PM1/4/10
to
Somehow my account "expired" in a way that appears to only affect secstore. I can log in and do stuff, but get the fgui popup for stuff normally stored in my factotum.

And ...

cpu% auth/secstore -g factotum
secstore password:
auth/secstore: error: account rtr expired at Sat Jan  2 03:59:59 GMT 2010
secstore password:

I am away from my infrastructure and have only a drawterm to play with. What would you suggest I can do to fix this?

I tried drawterming in as bootes and running auth/changeuser but that just hangs.

Any ideas appreciated.

Thanks,
Robby

erik quanstrom

unread,
Jan 4, 2010, 2:16:04 PM1/4/10
to
> cpu% auth/secstore -g factotum
> secstore password:
> auth/secstore: error: account rtr expired at Sat Jan 2 03:59:59 GMT 2010
> secstore password:

see secstore(8). auth/secuser $user is what you want. on
the console of the auth server.

- erik

Steve Simon

unread,
Jan 4, 2010, 2:56:34 PM1/4/10
to
I think (I haven't tried this) you can drawterm in as bootes
and then manually edit the file /adm/secstore/who/$user and change
the number after exp. I guess this number is the number of secs since 1/1/70
butthe source for secstored wil tell you.

-Steve

Robert Raschke

unread,
Jan 4, 2010, 2:58:24 PM1/4/10
to
Thank you Erik.


I managed to log in as bootes with drawterm and then went and edited /adm/secstore/who/$user by hand to give it a new expiration epoch value.

I'm not sure why the auth commands hang in a vanilla drawterm (no rio). I get the impression that setting the console to raw doesn't work with drawterm, but I lack skill and time to figure that one out just now.

All sorted now anyway, thanks again,
Robby

Steve Simon

unread,
Jan 4, 2010, 4:23:37 PM1/4/10
to
> I'm not sure why the auth commands hang in a vanilla drawterm (no rio).

The problem is not drawterm, it is by design. keyfs (and I assume secstored)
create a virtual filesystem that the command line apps use to communicate with
the running daemon.

Due to plan9's per process namespace and because your drawterm session is not
decended from the console's shell (where /mnt/keys was created) you cannot see
the control file and so you cannot perform key administration.

There are some neat tricks you can do if you have a remote server - the "approved"
way is to run a console server program on another machine and wire up the EIA interfaces
so you can use the serial console.

Erik has an ethernet (not tcpip, raw ethernet) console kernel driver and command line
tool which is easier these days (EIA interfaces are a dieing breed). You can even use
these tools over a loopback interface, from the machine back to itself.

another possibility is to serve the consoles view of /mnt and post it as a file
descriptor in /srv with read/write for only bootes - people have posted such solutions
on 9fans in the past.

> I get the impression that setting the console to raw doesn't work with drawterm.

I would be very surprised if this is the case, I don't use drawterm much but last time
I tried it raw/cooked worked fine.

> All sorted now anyway

Good

-Steve

erik quanstrom

unread,
Jan 4, 2010, 4:59:08 PM1/4/10
to
> Erik has an ethernet (not tcpip, raw ethernet) console kernel driver and command line
> tool which is easier these days (EIA interfaces are a dieing breed). You can even use
> these tools over a loopback interface, from the machine back to itself.

a version of cec(8), the client, is available in the
distribution. also, a better-for-debugging version
is available as contrib quanstro/cec. see the -e
flag. cec(3), the server, is available in 9atom.

i've been using cec heavily recently as i've been
working on a driver and have been too lazy to
hook up serial.

- erik

0 new messages