[9fans] standalone authserver on CF card - Plan9

This is a discussion on [9fans] standalone authserver on CF card - Plan9 ; Moin, I have to upgrade parts of my Plan 9 system. I'm thinking of using a soekris 5501 or 48xx as my authentication server. It would be nice to use a CF Card for storage but I'm not sure about ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: [9fans] standalone authserver on CF card

  1. [9fans] standalone authserver on CF card

    Moin,

    I have to upgrade parts of my Plan 9 system. I'm thinking of using a
    soekris 5501 or 48xx as my authentication server. It would be nice to use
    a CF Card for storage but I'm not sure about the read/write cycles. Does
    anyone run a Plan 9 server on a system without rotating parts?

    Many thanks
    Matthias



  2. Re: [9fans] standalone authserver on CF card

    > Moin,
    >
    > I have to upgrade parts of my Plan 9 system. I'm thinking of using a
    > soekris 5501 or 48xx as my authentication server. It would be nice to use
    > a CF Card for storage but I'm not sure about the read/write cycles. Does
    > anyone run a Plan 9 server on a system without rotating parts?
    >
    > Many thanks
    > Matthias


    yes. it works fine. however, if you have an internet-facing network
    with abused protocols such as ftp, you may wish to have a more powerful
    processor.

    - erik


  3. Re: [9fans] standalone authserver on CF card

    >> Moin,
    >>
    >> I have to upgrade parts of my Plan 9 system. I'm thinking of using a
    >> soekris 5501 or 48xx as my authentication server. It would be nice to use
    >> a CF Card for storage but I'm not sure about the read/write cycles. Does
    >> anyone run a Plan 9 server on a system without rotating parts?
    >>
    >> Many thanks
    >> Matthias

    >
    > yes. it works fine. however, if you have an internet-facing network
    > with abused protocols such as ftp, you may wish to have a more powerful
    > processor.
    >
    > - erik


    ftp was a major problem for my standalone cpu server; I was getting so
    many connection attempts that it was becoming hard to use the system.
    I eventually disabled the ftp daemon. Has anyone hacked ftpd to make
    such attempts less attractive or less disruptive?


    John



  4. Re: [9fans] standalone authserver on CF card

    > yes. it works fine. however, if you have an internet-facing network

    What is the best setup method? Because the soekris box hasn't a video
    output I have to use a serial console. I think of booting the box via
    pxe and running replica/pull. Or is it better to put the cf card in
    another box and set it up there?

    Matthias



  5. Re: [9fans] standalone authserver on CF card

    this really helps us. i know that steve has a list of bad
    ftp users to reject out-of-hand, but this exponential backoff
    keeps the bad guys from bothering our auth server enough to
    notice. we still get quite a few connections, though

    - erik


    /n/sources/plan9//sys/src/cmd/ip/ftpd.c:519,524 - ftpd.c:519,528
    int
    usercmd(char *name)
    {
    + static int usercmds = 1000;
    +
    + if(usercmds <<= 1 > 2000)
    + sleep(usercmds);
    logit("user %s %s", name, nci->rsys);
    if(loggedin)
    return reply("530 Already logged in as %s", user);
    /n/sources/plan9//sys/src/cmd/ip/ftpd.c:537,542 - ftpd.c:541,548
    strcpy(user, "none");
    else if(anon_everybody)
    strcpy(user,"none");
    + if(strcmp(user, "Administrator") == 0)
    + return reply("530 no way jose");
    if(strcmp(user, "*none") == 0){
    if(!anon_ok)
    return reply("530 Not logged in: anonymous disallowed");
    /n/sources/plan9//sys/src/cmd/ip/ftpd.c:593,600 - ftpd.c:599,606
    ch->nresp = strlen(response);
    ai = auth_response(ch);
    if(ai == nil) {
    - static long delay = 100;
    -
    + static long delay = 1000;
    + hoser:
    sleep(delay); /* deter password-guessers */
    if (delay < 60*1000)
    delay *= 2;
    /n/sources/plan9//sys/src/cmd/ip/ftpd.c:601,607 - ftpd.c:607,613
    return reply("530 Not logged in: %r");
    }
    if(auth_chuid(ai, nil) < 0)
    - return reply("530 Not logged in: %r");
    + goto hoser;
    auth_freechal(ch);
    ch = nil;


  6. Re: [9fans] standalone authserver on CF card

    > What is the best setup method? Because the soekris box hasn't a video
    > output I have to use a serial console. I think of booting the box via
    > pxe and running replica/pull. Or is it better to put the cf card in
    > another box and set it up there?


    that really depends. the fundamental decision is if the auth server
    is completely standalone or if it's root is from the main fileserver.

    at coraid, our auth server boots from a kernel on DOM (uses regular
    ide connector rather than CF) and mounts the main fileserver. it only
    has a local plan9.ini and kernel. nothing else.

    unfortunately, this means that the fileserver is also completely standalone.
    it boots from a kernel on DOM, too. this makes upgrading the fs somewhat
    of a pain, but fs kernel updates are rare.

    the upside is that the auth server which also serves pxe booting doesn't
    live in its own world. if we booted the auth server from DOM or CF root,
    we would have to push pxe images & /lib/ndb/local to the auth server with
    every change.

    - erik


  7. Re: [9fans] standalone authserver on CF card

    > What is the best setup method? Because the soekris box hasn't a video
    > output I have to use a serial console. I think of booting the box via
    > pxe and running replica/pull. Or is it better to put the cf card in
    > another box and set it up there?


    In general I've found pxe to work well. One word of caution, though.
    There is a problem with 5501's failing to detect CF cards some of the
    time, especially on reboots. This has bit a number of people, including
    me this last weekend. For low volume you might want to stick to 4801's,
    although they are getting harder to find. If you need a 5501 you might
    want to wait for the next BIOS upgrade.
    --
    John Stalker
    School of Mathematics
    Trinity College Dublin
    tel +353 1 896 1983
    fax +353 1 896 2282


  8. Re: [9fans] standalone authserver on CF card

    > me this last weekend. For low volume you might want to stick to 4801's,
    > although they are getting harder to find. If you need a 5501 you might
    > want to wait for the next BIOS upgrade.


    I have both systems "in stock" so I can try. Thanks for that hint. I
    have the CF booting problem on the 5501 to.

    Matthias



  9. Re: [9fans] standalone authserver on CF card

    > yes. it works fine. however, if you have an internet-facing network
    > with abused protocols such as ftp,


    Isn't Mathias going to build stand alone _authserver_, but cpu server?

    If he wants to make authserver on CF card, I recommend him to use
    kfs for CF card. I'm using this from may 2004 without any problem.

    Kenji



  10. Re: [9fans] standalone authserver on CF card

    > Isn't Mathias going to build stand alone _authserver_, but cpu server?

    Yes, I'm going to build a standalone authserver. I do not need it as a
    CPU Server.

    > If he wants to make authserver on CF card, I recommend him to use
    > kfs for CF card. I'm using this from may 2004 without any problem.


    That sounds good. I think it is not a major problem to make a copy of
    the cf as backup but it would be nice to have not as much downtime.

    Matthias



+ Reply to Thread