On Sat, Jun 07, 2014 at 12:22:35AM -0700, Clint Pachl wrote:
> Jason McIntyre wrote, On 05/15/14 13:54:
> >>the man page sates that:
> >>>
> >>> Both auth and auth-optional accept an optional table as a
> >>> parameter. When provided, credentials are looked up in this
> >>> table.
> >>>
> >>>but reading the new smtpd.conf(5) gives the impression that authtable is
> >>>mandatory. I haven't checked the code but the following passes a check
> >>>with smtpd -n
> >>>
> >>> listen on iwn0 tls auth
> >>> listen on em0 tls auth-optional
> >>>
> >>>so it seems to be a valid syntax.
> >>>
> >it's why i added the word "optional" to the description. the syntax
> >[<table>] is really ugly, and is hard to understand.
> >
> >we could do it, but i don;t want to. sometimes it's better to sacrifice
> >being a million percent correct for clarity.
>
> The syntax may be ugly, but the vagueness for a novice such as myself is
> confusing. I wasted an hour with this exact issue the other day. I was
> looking for the problem in all the wrong places. I thought my certs were
> bad, my "pki" declaration was wrong, my email client was misconfigured.
> Finally, I decided to try "<>" around my table name. Voil?!
>
but that is not down to my not wrapping <authtable> in [], right?
> The documentation is inconsistent and that's what threw me off.
>
> In smtpd.conf(5) on OpenBSD 5.5 for example, the "listen on" directive has
> the option "auth authtable" where the angle brackets are implied. But the
> "accept | reject" directive has the option "for [!] domain <domains> [alias
> <aliases>]" where the angle brackets are explicit.
>
i don;t know how it looked in 5.5., but it is explicit now.
> It should be exclusively one way or the other. If [<table>] is too ugly,
> then suffix all table place holders with "table". So for example, the
> "accept | reject" directive I mentioned above would become "for [!] domain
> domaintable [alias aliastable]". Then make a note that all place
> holders/variables must be encloded by angle brackets.
>
> Personally, I don't like that solution. I think being explicit with the
> syntax is the correct solution. It doesn't matter if it is ugly; it's the
> syntax that smtpd uses so it should be documented as such.
>
>
ok, here's what's there now:
[auth | auth-optional <authtable>]
...
Both auth and auth-optional accept an optional table as a parameter.
i really don;t see the problem. still, i will add [] just now, ok?
jmc
