diff --git a/type/__dma_auth/manifest b/type/__dma_auth/explorer/logins
old mode 100755
new mode 100644
similarity index 55%
rename from type/__dma_auth/manifest
rename to type/__dma_auth/explorer/logins
index e0c809a..0ed6bc1
--- a/type/__dma_auth/manifest
+++ b/type/__dma_auth/explorer/logins
@@ -1,6 +1,6 @@
 #!/bin/sh -e
 #
-# 2020 Dennis Camera (dennis.camera@ssrq-sds-fds.ch)
+# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
 #
 # This file is part of cdist.
 #
@@ -17,14 +17,25 @@
 # You should have received a copy of the GNU General Public License
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
+# This explorer lines matching user + server in /etc/dma/auth.conf and reports
+# their cksum.
 
+test -r /etc/dma/auth.conf || exit 0
 
-os=$(cat "$__global/explorer/os")
+if test -f "${__object}/parameter/login"
+then
+	login=$(cat "${__object}/parameter/login")
+else
+	login=$__object_id
+fi
+server=$(cat "${__object}/parameter/server")
 
-case "$os" in
-   *)
-      printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
-      printf "Please contribute an implementation for it if you can.\n" >&2
-      exit 1
-   ;;
-esac
+regex=$(printf '^%s|%s:' "$login" "$server")
+
+grep -e "${regex}" /etc/dma/auth.conf \
+| while read -r line
+  do
+	  echo "${line}" \
+	  | cksum - \
+	  | cut -d ' ' -f 1
+  done
diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote
index 77ad9d2..0951c16 100755
--- a/type/__dma_auth/gencode-remote
+++ b/type/__dma_auth/gencode-remote
@@ -18,3 +18,65 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
+logins=$(cat "${__object}/explorer/logins")
+state_should=$(cat "${__object}/parameter/state")
+
+if test -f "${__object}/parameter/login"
+then
+	login=$(cat "${__object}/parameter/login")
+else
+	login=$__object_id
+fi
+password=$(cat "${__object}/parameter/password")
+server=$(cat "${__object}/parameter/server")
+
+case $state_should
+in
+	(present)
+		conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
+		cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
+		if echo "$logins" | grep -qxF "${cksum_should}"
+		then
+			# correct line already present -> nothing to do
+			exit 0
+		fi
+
+		mode=1
+	;;
+	(absent)
+		if test -z "$logins"
+		then
+			# no logins present -> nothing to do
+			exit 0
+		fi
+
+		# NOTE: password is not needed to delete
+		conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
+
+		mode=0
+		;;
+	(*)
+		printf 'Invalid --state: %s' "${state_should}" >&2
+		exit 1
+		;;
+esac
+
+cat <<EOF
+read -r CONF_LINE <<'EOL'
+${conf_line}
+EOL
+export CONF_LINE
+
+awk -F: -v print=$mode '
+BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
+$1 == conf[1] {
+    if (print && !found) {
+        # remove duplicates
+        print ENVIRON["CONF_LINE"]
+        found = 1
+    }
+    next
+}
+1' </etc/dma/auth.conf >/etc/dma/auth.conf.tmp \
+&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf
+EOF
diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst
index cd4f647..bd077d6 100644
--- a/type/__dma_auth/man.rst
+++ b/type/__dma_auth/man.rst
@@ -3,23 +3,29 @@ cdist-type__dma_auth(7)
 
 NAME
 ----
-cdist-type__dma_auth - TODO
+cdist-type__dma_auth - Configure SMTP logins for the DragonFly Mail Agent MTA.
 
 
 DESCRIPTION
 -----------
-This space intentionally left blank.
+This cdist type allows you to set up credentials to log in to remote SMTP
+servers.
 
 
 REQUIRED PARAMETERS
 -------------------
-None.
+password
+    The user's password (in plain text.)
+server
+    The SMTP server on which the login is valid.
 
 
 OPTIONAL PARAMETERS
 -------------------
-None.
-
+login
+    The user's LOGIN name on the SMTP server. Defaults to `__object_id`.
+state
+    Either `present` or `absent`. Defaults to `present`.
 
 BOOLEAN PARAMETERS
 ------------------
@@ -31,13 +37,18 @@ EXAMPLES
 
 .. code-block:: sh
 
-    # TODO
-    __dma_auth
+    # Set the password for smarthost
+    __dma_auth joe --server smarthost --password hunter2
 
+    # Set credentials for user at an external provider
+    __dma_auth paul@example.com --server mail.provider.com --password letmein
+
+    # Delete credentials for example.com
+	__dma_auth paul --server example.com --state absent
 
 SEE ALSO
 --------
-:strong:`TODO`\ (7)
+:strong:`cdist-type__dma`\ (7), :strong:`dma`\ (8)
 
 
 AUTHORS
diff --git a/type/__dma_auth/parameter/default/state b/type/__dma_auth/parameter/default/state
new file mode 100644
index 0000000..e7f6134
--- /dev/null
+++ b/type/__dma_auth/parameter/default/state
@@ -0,0 +1 @@
+present
diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional
new file mode 100644
index 0000000..c35dbef
--- /dev/null
+++ b/type/__dma_auth/parameter/optional
@@ -0,0 +1,2 @@
+login
+state
diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required
new file mode 100644
index 0000000..8f1a1c9
--- /dev/null
+++ b/type/__dma_auth/parameter/required
@@ -0,0 +1,2 @@
+password
+server