[Dovecot] SSL Certifcates

Stephen Feyrer steve at toth.org.uk
Fri Aug 8 00:33:51 EEST 2008


Timo Sirainen wrote:
> On Aug 7, 2008, at 2:49 PM, Stephen Feyrer wrote:
> 
>> Hi anyone.
>>
>> Can dovecot be configured to authenticate user using only SSL 
>> Certificates only and not ask for a password.
>>
>> So far I've got it taking the username from the common name of the 
>> certificate but I like it to use the certificate in place of the 
>> password.
>>
>> Is this possible and how?
> 
> 
> If you're that far, then you're already authenticating the user against 
> the certificate. Or assuming you have ssl_require_client_cert=yes. Then 
> just create a passdb that accepts any password as valid for the user 
> (nopassword=yes extra field).
> 
> In theory there's also this EXTERNAL SASL mechanism that could be used 
> to log in without user/pass, but Dovecot doesn't currrently support that 
> and I'm not aware of any clients supporting it either.

Hi Timo.

I have authenticating user against the certificate as you say and do 
have ssl_require_client_cert=yes.

I'm using PAM to authenticate against my user database at the moment. 
I'm still baffled... :)

--
kind regards

Stephen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3309 bytes
Desc: S/MIME Cryptographic Signature
Url : http://dovecot.org/pipermail/dovecot/attachments/20080807/49d26683/attachment.bin 


More information about the dovecot mailing list