[Dovecot] SSL Client Certificate Support

jan at weitan.org jan at weitan.org
Sun May 9 00:38:01 EEST 2004


I would appreciate this feature as well. Because i am using postfix
relaying with permit_tls_clientcerts and it just checks the fingerprints
of the certs. It find it far more convenient than using something like pam
and authorising with user accounts. Postfix can use this features also in
combination with normal sasl methods.
< Using OpenSSL for authentication brings
> in tons of more code that has to be relied on.
Your port 22 is closed or does not rely on the the OpenSSL lib ? I took a
short look at the sources from postfix but i am not too sure if it´s easy
to include in dovecot. Just a idea.

Regards Jan



Timo Sirainen wrote:
> Personally I'd really like to get the current CVS code fully working as
> intended. Then there's some long standing bugs/features (eg. recent
> counters). Then some NFS safety problems. All those should have been
> fixed long ago.
yes, it's better to get dovecot stable first.

> Also currently there's only dovecot-auth and master processes in Dovecot
> which have to be free of security holes to avoid pre-login security
> holes. That's not a lot of code. Using OpenSSL for authentication brings
> in tons of more code that has to be relied on.

I understand. But please, keep it in mind for later versions of dovecot!




More information about the dovecot mailing list