[Dovecot] Authentication using only TLS client certificates

Timo Sirainen tss at iki.fi
Sun Aug 26 01:41:11 EEST 2007


On Fri, 2007-08-24 at 23:57 +0200, Martin Lambers wrote:
> Hi!
> 
> I'd like to configure dovecot to use only TLS client certificates for
> authentication. After the user presented a client certificate and that
> certificate was verified, no password-based authentication should be
> necessary anymore.
> 
> Is this currently possible? Or would this require support for the SASL
> EXTERNAL mechanism?

Pretty much all clients still want to send username and password. You
could have Dovecot get the username from the certificate
(ssl_username_from_cert=yes) and allow it to authenticate with any
password. Easiest way to do that would be to use a SQL passdb:

password_query = select null as password, 'Y' as nopassword

With a SQLite backend it wouldn't need even a server.
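
The setup suggested above, written out as a configuration sketch (an added example, not part of the original message or of Dovecot's documentation). Only ssl_username_from_cert=yes and the password_query line come from the post; the other settings use Dovecot 1.x names, and the file paths are constructed placeholders. Because the passdb accepts any password, the fragment also requires and verifies a client certificate, so the certificate is the only credential that counts.

```conf
# --- dovecot.conf (Dovecot 1.x syntax; paths are placeholders) ---

# CA that issued the client certificates. Connections presenting a
# certificate not signed by this CA fail verification.
ssl_ca_file = /etc/ssl/example/client-ca.pem
ssl_verify_client_cert = yes

auth default {
  # Clients still send a username and password, so keep PLAIN enabled.
  mechanisms = plain

  # Refuse authentication unless a valid client certificate was presented.
  # Without this, the nopassword passdb below would let anyone in.
  ssl_require_client_cert = yes

  # From the post: take the username from the certificate rather than
  # from what the client sends.
  ssl_username_from_cert = yes

  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }

  # userdb is left as in the existing setup.
}

# --- /etc/dovecot/dovecot-sql.conf ---

# SQLite needs no database server; "connect" is the path to the file.
driver = sqlite
connect = /etc/dovecot/authdb.sqlite

# From the post: no stored password, and 'nopassword' tells Dovecot to
# accept whatever password the client sends.
password_query = select null as password, 'Y' as nopassword
```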