The objective is to configure an authenticating SMTP server, so if
somebody has a formula for that, I'm game.

As I failed to figure it all out for myself (but thanks to those who
contributed to the wiki page on how to do authenticated outgoing
SMTP), let me explain where I'm stumped.

The diagnostic is a very stubborn dhcpd server returning:

        535 5.7.1 Authentication failed: auth server protocol botch

I've added the '%r' error message in a modified version of smtpd.c; I
strongly recommend this change.

I traced the cause for the failure to the call to auth_userpasswd()
and subsequently to auth_challenge().  The former seems OK on the
surface, despite the following comment:

 * This process was derived empirically.
 * this was copied from inet's guard.

But the call:
        ch = auth_challenge("user=%q proto=p9cr role=server", user)
isn't very helpful: it always fails (in my situation) with an ugly:

RPC start (user=proxima proto=p9cr role=server) failed: auth server protocol botch

a message I have added to a copy of the library module
libauth/auth_challenge.c.

The documentation for auth_challenge() is very thin and the code is a
bit obscure too.  For my part, I can embarrassingly admit that I have
no idea where the "auth server" belongs in this discussion, never mind
what the real purpose of the "p9cr" protocol is.

However, in my test modules, changing "proto=p9cr" to "proto=p9sk1"
moves the problem to the next action in auth_challenge(), that is,
instead of failing on auth_rpc(..."start"...), it now complains about
the lack of synchronisation on the following auth_rpc(..."read"...)
which seems logical enough.

So there are a few things that need explaining, at least to me: (1) Am
I right in believing that "tcp25" must run as a trusted process and
therefore occur in /rc/bin/service.auth if it is to employ TLS?  (2)
What factotum or auth server entry is required to make "user=proxima
proto=p9cr role=server" succeed as a factotum RPC?  (3) The Factotum
man page covers the various verbs used in the RPCs, but goes into no
detail whatsoever about the actual arguments to them.  Maybe a few
examples will make a big difference.

Oh, the auth_challenge() man page incorrectly mentions
auth_userpassword() which I presume is meant to be auth_userpasswd().

Anyway, back to authenticated incoming SMTP, how do I make it tick?
Who needs to be identified?  I presume each possible user must have an
entry somewhere on the auth server, but what kind of entry?

And is there not a problem I cannot identify in
libauth/auth_challenge() or the factotum module for "proto=p9cr"?

Thanks.

++L
