On Tue, 10 Feb 1998, Peter J. Braam wrote:

> 
> 
> On Mon, 9 Feb 1998, Steven N. Hirsch wrote:

> > auth2 server?  I'll read the docs and find out how to do this.  I guess I
> > assumed that if I wasn't authorized, I wouldn't be able to read/write Coda
> > at all!
> 
> No, a volume is always created with all rights for anyone in the ACL.  The
> system administrator corrects this when mounting.  So a standard volume
> for braam, mounted on /coda/usr/braam would get 
> 
> cfs setacl /coda/usr/braam  braam all System:AnyUser rl
> 
> New directories inherit the acl from the parent.
> 
> There are a number of problems with unauthenticated operation of Coda
> (which we will look at, but they are not on our urgent list) having to do
> with the fact that re-integration requires tokens.  If your bandwidth fell
> briefly, you could have a problem, unless you have tokens.
> 

Ok, I spent the better part of an hour today fighting with setup of the
authentication database.  Everything works as advertised (save for a few
typos in the manual - more below), but no matter what I try it refuses to
authenticate me..

Let me outline the steps:

Log into the SCM machine as root.  Ensure that it has venus running and
can properly see the server volume. 

/vice/db/passwd.coda:

600<TAB>mypassword<TAB>hirsch

/vice/db/user.coda:

hirsch::600::Steven N. Hirsch::

/vice/db/group.coda:

System:Administrators<TAB>-204<TAB>hirsch

	Note:  There is no documentation on the group file format and,
	       in particular, the numbering scheme.

Change directory to /vice/db and follow the steps in Sec. 7.7.1 of the
documentation.

At this point, still logged in as root, I attempt to run:

au -h <my_scm> nu

I enter "hirsch" as my vice id, then my password.

Authentication fails with:

RPC2_bind -> RPC2_notauthenticated (F)

Next, I log into another client as "hirsch" and try again.  It still fails
with the same message.

>From the logs:

19:53:01 In PWGetKeys()
19:53:01 	vid = -1
19:53:01 Authentication failed for "hirsch" from 50.244.168.192
20:11:56 In PWGetKeys()
20:11:56 	vid = 600
20:11:56 Authentication failed for "hirsch" from 57.244.168.192

*********************************************************************


Errata:

Sec. 7.7.1

groups.coda is actually group.coda (singular) as installed by rpm

Sec. 11.1.1

groups.coda --> group.coda

pwd2pdb is shown with a '-p' flag.  This wants to be '-u'.


Sec. 11.1.2

Step 3 is a bit confusing.  Why is 'mvdb' necessary if one has just
created the files in the target directory?



*******************************************************************

Hopefully, I'm just being dense and overlooking a step.  Advice
appreciated..

Steve