From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <067b825de500d2495d2793710185592d@plan9.bell-labs.com>
From: David Presotto
To: 9fans@cse.psu.edu
Subject: Re: [9fans] ATA next
In-Reply-To: <20040122203626.F28365@cackle.proxima.alt.za>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Thu, 22 Jan 2004 15:10:16 -0500
Topicbox-Message-UUID: bf1c0ebe-eacc-11e9-9e20-41e7f4b1d025

> Lastly, and again I assume I could figure this by myself, but a
> superficial search led me to believe that there's someone out there
> who can explain it a little better, what are the preconditions for
> imap4d to operate correctly under TLS? According to the documentation
> the certificate is generated on the fly by /rc/bin/service.auth/tcp993,
> but I'm not altogether convinced :-( The directory /sys/lib/ssl
> in which a cert may be stored certainly did not exist before I
> created it. It has remained empty since :-(

This is assuming you are going to use TLS imap4d.

(1) The factotum that the imap4d runs on needs the private/public
    key that TLS will use. For example, ours is:

	key proto=rsa service=tls owner=* size=1024 ek=10001 n=E4D13B3CF62A29157E816E05E5BC42DB4A93DBAB9AB1D77564A2EB2382503C0F2EB3B217E21FF91A258A4F6A9E4A44A9D2B6A344D8CB7049A0F95D501E3FC826F3D3161D6987AEA5028ECD6ED15268B94E358696092E540560C5978C5B49349DF521A4148D023EE67BCA7319F550A18B510EEC12ADE97ED2132134E5A264EA7D !dk? !p? !q? !kp? !k

    We just store it in our secstore and get it whenever we boot.
    Look at the example at the end of rsa(8). It tells you how to
    generate it.

(2) That machine must also have access to the certificate that
    goes with that key. For example, /rc/bin/service/tcp993 expects
    to find that in /sys/lib/ssl/cert.pem. Once again rsa(8) tells
    you how to do it.

(3) Any user that wants to use imap4d needs to have an apop secret.
    It's not just for apop...
    You can create them by running auth/changeuser on the auth server:

	auth/changeuser presotto
	assign new password? [y/n]: n
	assign Inferno/POP secret? (y/n) y
	Secret(0 to 256 characters):
	Confirm:
	...

(4) Each of these users needs a mailbox. You can create a mailbox
    by logging on and running 'mail -c':

(5) The machine running imap4d needs to know where an auth server
    is running. This can be done by getting that on boot via dhcpd,
    by plugging it into your plan9.ini ...
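
Added example (not part of the original message, and not Plan 9 code): a Python preflight check for the factotum key line described in step (1). It assumes the key is listed in the form shown in the message, with secret attributes appearing as !name?; the attribute names kq and c2 and the sample key line are assumptions, since the listing in the message is cut off.

```python
# Preflight check for a factotum RSA key line meant for TLS services.
# Assumption: values contain no spaces, so whitespace splitting is enough.

# Secret RSA attributes expected on the key (kq and c2 are assumed names).
PRIVATE_ATTRS = ("dk", "p", "q", "kp", "kq", "c2")

# Constructed sample: a 1024-bit modulus that is NOT a real key.
SAMPLE_KEY = ("key proto=rsa service=tls owner=* size=1024 ek=10001 n=C"
              + "0" * 254 + "1 !dk? !p? !q? !kp? !kq? !c2?")


def parse_key_line(line):
    """Split 'key attr=value ... !secret?' into (public dict, secret names)."""
    fields = line.split()
    if not fields or fields[0] != "key":
        raise ValueError("not a factotum key line")
    public, secret = {}, set()
    for field in fields[1:]:
        name, _, value = field.partition("=")
        if name.startswith("!"):
            # Secrets are listed as '!dk?' or stored as '!dk=<hex>'.
            secret.add(name[1:].rstrip("?"))
        else:
            public[name] = value
    return public, secret


def check_tls_key(line):
    """Return a list of problems; an empty list means the line looks usable."""
    public, secret = parse_key_line(line)
    problems = []
    if public.get("proto") != "rsa":
        problems.append("proto is not rsa")
    if public.get("service") != "tls":
        problems.append("service is not tls")
    try:
        bits = int(public["n"], 16).bit_length()   # n is hexadecimal
        if bits != int(public["size"]):            # size is decimal bits
            problems.append(f"modulus is {bits} bits, size says {public['size']}")
        int(public["ek"], 16)                      # ek=10001 is hex for 65537
    except (KeyError, ValueError):
        problems.append("size, ek or n missing or malformed")
    missing = [a for a in PRIVATE_ATTRS if a not in secret]
    if missing:
        problems.append("missing private parts: " + " ".join(missing))
    return problems
```
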