9fans - fans of the OS Plan 9 from Bell Labs
From: David Presotto <presotto@closedmind.org>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] ATA next
Date: Thu, 22 Jan 2004 15:10:16 -0500
Message-ID: <067b825de500d2495d2793710185592d@plan9.bell-labs.com>
In-Reply-To: <20040122203626.F28365@cackle.proxima.alt.za>

> Lastly, and again I assume I could figure this by myself, but a
> superficial search led me to believe that there's someone out there
> who can explain it a little better, what are the preconditions for
> imap4d to operate correctly under TLS?  According to the documentation
> the certificate is generated on the fly by /rc/bin/service.auth/tcp993,
> but I'm not altogether convinced :-(  The directory /sys/lib/ssl
> in which a cert may be stored certainly did not exist before I
> created it.  It has remained empty since :-(

This is assuming you are going to use TLS imap4d.

(1) The factotum that the imap4d runs on needs the private/public key that
TLS will use.  For example, ours is:

key proto=rsa service=tls owner=* size=1024 ek=10001 n=E4D13B3CF62A29157E816E05E5BC42DB4A93DBAB9AB1D77564A2EB2382503C0F2EB3B217E21FF91A258A4F6A9E4A44A9D2B6A344D8CB7049A0F95D501E3FC826F3D3161D6987AEA5028ECD6ED15268B94E358696092E540560C5978C5B49349DF521A4148D023EE67BCA7319F550A18B510EEC12ADE97ED2132134E5A264EA7D !dk? !p? !q? !kp? !k

We just store it in our secstore and get it whenever we boot.  Look at the
example at the end of rsa(8).  It tells you how to generate it.

(2) That machine must also have access to the certificate that goes with that key.  For
example, /rc/bin/service/tcp993 expects to find that in /sys/lib/ssl/cert.pem.

Once again rsa(8) tells you how to do it.

(3) Any user that wants to use imap4d needs to have an apop secret.  It's
not just for apop...  You can create them by running auth/changeuser on
the auth server:

auth/changeuser presotto
assign new password? [y/n]: n
assign Inferno/POP secret? (y/n) y
Secret(0 to 256 characters):
Confirm:
...

(4) Each of these users needs a mailbox.  You can create a mailbox by logging on
and running 'mail -c':

(5) The machine running imap4d needs to know where an auth server is running.  This
can be done by getting that on boot via dhcpd, by plugging it into your
plan9.ini ...
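
Steps (1) and (2) written out with the rsa(8) tools, as an added example that is not part of the original message. The CN value, the 2048-bit key size and the private ramfs are assumptions; it also assumes /sys/lib/ssl exists and is writable, and that a secstore file named factotum already exists.

```rc
# Added example, not from the original message.
# Work in a private in-memory /tmp so the private key is never written to disk.
ramfs -p
cd /tmp

# (1) Generate the RSA key pair, tagged with the same attributes as the
#     key line shown in the message (service=tls owner=*).
#     -b sets the modulus size; the key in the message is size=1024.
auth/rsagen -b 2048 -t 'service=tls owner=*' > key

# (2) Build a self-signed certificate for that key and PEM-encode it
#     where /rc/bin/service/tcp993 expects it.
#     imap.example.com is a placeholder host name.
auth/rsa2x509 'C=US CN=imap.example.com' key |
	auth/pemencode CERTIFICATE > /sys/lib/ssl/cert.pem

# Load the key into the running factotum.
cat key > /mnt/factotum/ctl

# Keep a copy in secstore so it can be fetched at boot:
# fetch the existing factotum file, append the key, store it again.
auth/secstore -g factotum
cat key >> factotum
auth/secstore -p factotum

# Check: factotum lists the key with its secret attributes hidden
# (shown as !dk? !p? !q? ..., as in the key line above).
grep 'service=tls' /mnt/factotum/ctl
```

The files in /tmp disappear with the ramfs when the shell exits, leaving the private key only in factotum and secstore; cert.pem holds no secret and stays on disk.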

