[Dovecot] SSL fields as variables for SQL statements ...
XhE
XhE at gmx.net
Thu Sep 11 19:50:53 EEST 2008
Timo Sirainen wrote:
> On Wed, 2008-09-03 at 01:54 +0200, XhE wrote:
>
>> Hi,
>>
>> I was wondering if there is any possibility to access the status if a
>> user has provided a certificate, that has been accepted or not via
>> variables. And further if there is any way to get the value of SSL
>> certificate fields by use variables. I'd like to use those variables in
>> sql statements.
>>
>> I then could assign a single certificate to a user, and make up passdb
>> sql statements, that allow him to access multiple (but not all)
>> mailboxes without the need to issue any further certificates.
>>
>
> It does sound like a nice idea, but you'd have to modify sources for
> that. The best I could do in short notice is to make "did user present a
> certificate?" variable available. Other than that would require sending
> the entire certificate (or at least its fields) to dovecot-auth process
> and that's not done right now.
>
Thanks, that would already help a lot!
And I see your point, that it takes some time, to make the certificate
or the files available to dovecot-auth. That's why I thought if you
could add an option in the mean time. Let's call it something like
ssl_cert_auth_field and just provide the content of this field of a
certificate. I think in most cases accessing a single field is enough.
And in case your willing to provide a variable that makes available the
information, if a user provided a valid certificate or not, than I guess
this additional variable is also not the big deal, is it? :)
---Michael
More information about the dovecot
mailing list