in case anyone's wondering, my problem was due to the fact that keyfs
was started after aux/listen for trusted services; /mnt/keys/* wasn't
in authsrv's namespace.  in my case, i put the trusted services in
/cfg/bootes/cpurc, while keyfs was started later in the sequence of
/rc/bin/cpurc.

the default config in the distro CD could lead others to do the
same.  given that only auth needs to run keyfs and trusted services,
it would be better to create a /cfg/example.auth/cpurc that includes
keyfs and trusted services in it and remove them from /rc/bin/cpurc,
since they come after /cfg/$sysname/cpurc is run.

>> are you sure that the passwords in nvram and auth/changeuser do match
>> for bootes?
> 
> pretty sure.  i've zero'ed the nvram and re-entered it. i went so far as
> stopping keyfs, zero'ing /adm/keys and /adm/keys.who and reinstalling
> bootes from scratch and restarting.  it is very puzzling.
> 
> Lucio said:
>> Should you not add a "role=server" to whatever the chosen entry is?
>> It will at minimum help with debugging.
> 
> i did, but the result changed only slightly; trying to connect to
> auth from another system now results in the same behavior as
> auth/debug exhibits: "no key matches".


Reply via email to