[Dovecot] Postfix & Dovecot: Client certificate authentication
"JARRY Jérémy"
jeremy.jarry at admin.gmessaging.net
Thu Aug 16 11:41:36 EEST 2012
Hello,
I would like to set up authentication using a certificate with Dovecot: a user sends mail to Postfix, and Dovecot authentication is valid only if the certificate is trusted.
So, I enabled the parameter auth_ssl_require_client_cert in the Dovecot configuration, but it is not running. Here are the Postfix logs:
Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 16 09:51:48 myserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 16 09:51:48 myserver dovecot: auth: Debug: auth client connected (pid=6922)
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH 1 PLAIN service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 secured resp=xxx
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed: Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: PLAIN(?,127.0.0.1): Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL 1 reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH 2 LOGIN service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 secured
Aug 16 09:51:51 myserver dovecot: auth: LOGIN(?,127.0.0.1): Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL 2 reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate
It seems Postfix doesn't send the client certificate to Dovecot. What do you think? What is wrong?
Below is some information about my configuration:
OS: RHEL5
Postfix: 2.7.3
Dovecot: 2.0.14
Dovecot config:
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_verbose = yes
mail_debug = yes
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocols = none
service auth {
  unix_listener /data/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl = required
ssl_ca = </etc/dovecot/ca.pem
ssl_cert = </etc/dovecot/cert.pem
ssl_key = </etc/dovecot/key.pem
ssl_verify_client_cert = yes
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_ssl = yes
Thanks for your help
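Added example (not part of the original message, and not Dovecot or Postfix code): a Python script that pairs the "client in: AUTH" and "client out:" debug lines quoted above by request id and reports whether each request carried a client-certificate flag. It assumes Dovecot's auth protocol marks a verified client certificate with the bare parameter valid-client-cert (and cert_username= for the name) and that all lines come from one auth client connection; the function names are hypothetical.

```python
import re

# Constructed sample: the AUTH/FAIL debug lines quoted in the message above.
SAMPLE_LOG = """\
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH 1 PLAIN service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 secured resp=xxx
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL 1 reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH 2 LOGIN service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 secured
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL 2 reason=Client didn't present valid SSL certificate
"""
AUTH_IN = re.compile(r"client in: AUTH\s+(\d+)\s+(\S+)\s*(.*)$")
AUTH_OUT = re.compile(r"client out: (OK|FAIL|CONT)\s+(\d+)\s*(.*)$")

def parse_params(text):
    """Split AUTH parameters into bare flags and key=value pairs."""
    flags, kv = set(), {}
    for tok in text.split():
        key, sep, val = tok.partition("=")
        if sep:
            kv[key] = val
        else:
            flags.add(tok)
    return flags, kv

def correlate(log):
    """Pair each AUTH request with its reply, keyed by request id."""
    requests = {}
    for line in log.splitlines():
        m = AUTH_IN.search(line)
        if m:
            flags, kv = parse_params(m.group(3))
            requests[m.group(1)] = {
                "mech": m.group(2),
                "secured": "secured" in flags,
                # Assumption: flag name as in Dovecot's auth protocol docs.
                "valid_client_cert": "valid-client-cert" in flags,
                "cert_username": kv.get("cert_username"),
                "result": None, "reason": None,  # resp= is never copied
            }
            continue
        m = AUTH_OUT.search(line)
        if m and m.group(2) in requests:
            req = requests[m.group(2)]
            req["result"] = m.group(1)
            req["reason"] = m.group(3).partition("reason=")[2] or None
    return requests

def rejected_without_cert_flag(log):
    """Ids of requests that failed and never carried valid-client-cert."""
    return sorted(i for i, r in correlate(log).items()
                  if r["result"] == "FAIL" and not r["valid_client_cert"])
```

On the quoted lines, rejected_without_cert_flag(SAMPLE_LOG) returns both request ids: each AUTH line carries "secured" but no certificate flag.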