[Dovecot] X.509 certificate based IMAP login

Timo Sirainen tss at iki.fi
Tue Nov 3 20:45:31 EET 2009


On Mon, 2009-11-02 at 14:22 +0100, dovecotlist at encambio.com wrote:
> We would like to make it possible for users with an X.509 client
> certificate to log in without providing LDAP or any other
> credentials.

Well.. These get you a bit further:

ssl_ca_file = /pfx/etc/dovecot/dovecot-caroots.pem
ssl_verify_client_cert = yes
auth_ssl_username_from_cert = yes

but to disable the password check the passdb also needs to check if the %k
variable's value is "valid". With SQL this would be easy. With LDAP, I
guess it doesn't really work now. Unless you used e.g. a checkpassword
script to do both checks.
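One way the SQL variant mentioned in the reply could look, as an added example that is not part of the original message. It is a dovecot-sql.conf fragment; the "users" table and "userid" column are assumptions, and it relies on the passdb "nopassword" extra field.

```conf
# Added example, not from the original message.
# Assumed schema: table "users" with a "userid" column.
#
# %u is the login name, which auth_ssl_username_from_cert = yes takes
#    from the client certificate.
# %k is "valid" only when the client certificate verified against
#    the CAs in ssl_ca_file.
#
# A row is returned only when the certificate is valid; 'nopassword'
# then tells the passdb to skip the password comparison.
# No valid certificate -> no row -> the lookup fails, so the check
# fails closed.
#
# Without the '%k' = 'valid' condition this query would accept any
# known login name with no password at all, so the condition must
# never be dropped while nopassword is returned.
password_query = \
  SELECT userid AS user, NULL AS password, 'Y' AS nopassword \
  FROM users \
  WHERE userid = '%u' AND '%k' = 'valid'
```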