[Dovecot] Problem with requiring client certificates for external connections

Bojan Smojver bojan at rexursive.com
Sat Dec 25 13:38:39 EET 2010


Frank Crawford <frank <at> crawford.emu.id.au> writes:

> I'm trying to configure my dovecot installation to require client
> certificates for external/Internet connections, while still allowing
> my local network to not need certificates.

Exactly the same problem here on exactly the same platform (F-14), although I
used slightly different config directives (local <remoteIP>).

First, the docs for dovecot 2 don't mention auth_ssl_require_client_cert at
all. However, it seems to be important.

Second, if I set the above three for external IP, one can still log in (after
being prompted for the client cert) by cancelling on the client side. It just
goes straight through, no cert required.

On the other hand, if I put those three in the global section but then turn
them off in local <localIP>, then local clients get asked for cert no matter
what. Any client that doesn't have a valid client cert will fail.

So, this part of dovecot 2 is buggy. I tried downgrading back to 2.0.1. Same
result.

With dovecot 1 in F-13 I could at least run two daemons side by side easily.
Not possible any more, it seems (pid location hardcoded).

--
Bojan


