[Dovecot] Question about auth multiple configuration

Timo Sirainen tss at iki.fi
Thu Apr 29 20:19:55 EEST 2010


On Wed, 2010-04-28 at 19:12 +0200, Fabrice MATHIEU wrote:

> That's normal. But 127.0.0.1 client(network) is considered by dovecot
> as secure, so won't the auth be possible without certificate?

It's considered secure against man-in-the-middle attacks, but requiring
SSL cert is more about authentication. I know in some setups people
don't use passwords at all, only the SSL cert. So if I did this change,
in such setups localhost could log in as any user, which is clearly
pretty bad.

> Can't we make two auth policies to make secure (client crt require) for
> public IP/client and less "secure" (without crt client) for local
> process (postfix) and local network (127.0.0.1) for roundcube?

Only way I can think of is to run two Dovecots, one listening for
localhost and another listening for external IP, both using different
config files.

> I see section "auth default { ... }" and is used by ... default! But
> can we make another one to make these two particular authentications on
> the same "instance"?

auth sections won't help. v2.0 makes this almost possible, it just
doesn't yet have per-IP settings support for auth settings.
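
For the two-instance split suggested above, a small audit that checks the instance without a client-cert requirement is bound to loopback only. This is an added example, not code from the thread or from the Dovecot project; both config texts are constructed, written in Dovecot 1.x syntax, and the paths and the 192.0.2.10 address are placeholders.

```python
import ipaddress
import re
# Constructed configs in Dovecot 1.x syntax for the two instances (not from the thread).
LOCAL_CONF = """
base_dir = /var/run/dovecot-local
listen = 127.0.0.1
"""
PUBLIC_CONF = """
base_dir = /var/run/dovecot-public
listen = 192.0.2.10          # documentation address, stands in for the external IP
ssl_verify_client_cert = yes
auth default {
  ssl_require_client_cert = yes
}
"""

def parse(text):
    """Flatten 'key = value' lines; keys inside 'name {' blocks get a 'name/' prefix."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def is_loopback_only(listen):
    """True only if every listen entry is a literal loopback IP (optional :port)."""
    for item in re.split(r"[,\s]+", listen.strip()):
        if item.startswith("[") or item.count(":") == 1:
            item = re.sub(r":\d+$", "", item)      # drop a trailing :port
        try:
            if not ipaddress.ip_address(item.strip("[]")).is_loopback:
                return False
        except ValueError:                          # "*", hostnames, empty value
            return False
    return True

def audit(name, text):
    """Flag an instance that skips client certs yet is reachable beyond loopback."""
    conf = parse(text)
    listen = conf.get("listen", "*")                # no listen line: assume all interfaces
    needs_cert = conf.get("auth default/ssl_require_client_cert", "no") == "yes"
    ok = needs_cert or is_loopback_only(listen)
    return [] if ok else [f"{name}: client cert not required, but listen = {listen}"]
```

Hostnames in `listen` are reported as findings on purpose, since the script cannot prove what they resolve to.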
