On Fri, Jan 16, 2004 at 02:39:36PM -0600, Jason A. Pattie wrote:
> | Anyway, it looks like forgotten tokens... suspended, not shut down laptop?
>
> Shutdown, of course. Am I to understand that a token cannot be
> maintained across reboots/restarts of venus? I.e., how is disconnected
> startup supposed to work if I can't shutdown my laptop, take it home,

Authentication tokens are not stored persistently, so they can not survive a venus restart. But you can save a token to a file and pass it to venus later on after a restart. Of course saving a token to a file could be a security risk for some people, but you could save it in an encrypted partition, or on a removable flash device or something.

    clog -tofile codatokenfile user_at_realm
    clog -fromfile codatokenfile

I'm still considering adding some form of encryption (using the user's password?) to the saved token so that it could possibly be left around in a less secure location (publicly readable in /coda?) or could be emailed around.

If you give a disconnected venus a token, it will allow access, but has no way to tell whether the token is actually still usable. A token is only discarded when a server actually rejects it. So you can use an old (or fake) token while disconnected, but you cannot use it to actually commit any changes to the server until you get a valid token.

> I guess if this is not possible that would explain why I cannot login to
> my coda HOME directory before I clog as my user to get a token.

Correct, I actually don't have $HOME in Coda, but many of the '.foo' files and subdirectories are links into my Coda home directory. It allows me to start and log in even if Coda is not running. And the /coda tree cannot be unmounted (and thus venus can't be restarted) as long as any process has their working directory somewhere in /coda.

Finally, I tend to just suspend my laptop all the time. Right now I have only 5 days uptime, but only because I just booted into a new kernel. My laptop can be suspended for several days without a problem and will even do a suspend to disk if the battery is almost completely drained. So in my case disconnected operation does get far more testing compared to disconnected startup.

> Can I replicate the auth2 daemon on my laptop in order to facilitate
> retrieving a token when starting up disconnected?

The auth2 daemon really doesn't talk to anything. But I don't really see this as a good solution because you would have to also run the updateclnt to get the current user, password and shared secret files from the server.

If you just want a token without network connectivity, use clog -tofile/fromfile, if you want to be able to create an 'arbitrary token' you can use 'tokentool' which I believe is installed on the server in /usr/sbin and can create a token that can be used by clog -fromfile.

Jan

Received on 2004-01-19 14:14:00
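The message above notes that a token saved with `clog -tofile` is unencrypted on disk. The following wrapper is an added example, not part of the original post or of Coda: it writes the token under a restrictive umask and refuses to load a token file that is a symlink, owned by another user, or readable by group or others. The function names `token_file_is_private`, `save_token` and `load_token` are hypothetical, and `clog` is assumed to be in `PATH`.

```shell
#!/bin/sh
# Added example: guard the plaintext token file used with clog -tofile/-fromfile.

# Return 0 only if $1 is a regular file, not a symlink, owned by the
# current user, with no group/other permission bits set.
token_file_is_private() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -O "$f" ]; then
        return 1
    fi
    # First 10 characters of `ls -ld` are the file type plus the rwx bits.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# save_token FILE USER_AT_REALM
# The umask only affects newly created files, so the result is re-checked
# in case FILE already existed with wider permissions.
save_token() {
    ( umask 077 && clog -tofile "$1" "$2" ) || return 1
    token_file_is_private "$1"
}

# load_token FILE
# Refuse to hand venus a token file that other local users could have
# read or replaced.
load_token() {
    if ! token_file_is_private "$1"; then
        echo "refusing to load $1: not a private regular file owned by you" >&2
        return 1
    fi
    clog -fromfile "$1"
}
```

Permission checks only protect against other local users; a lost laptop or removable device still exposes the token unless the underlying storage is encrypted, as the message suggests.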