[Dovecot] Postfix & Dovecot: Client certificate authentication

"JARRY Jérémy" jeremy.jarry at admin.gmessaging.net
Thu Aug 16 11:41:36 EEST 2012


Hello,

I would like to set up authentication using a certificate with Dovecot: a user sends mail to Postfix, and Dovecot authentication is valid only if the certificate is trusted.

So I enabled the parameter auth_ssl_require_client_cert in the Dovecot configuration, but it is not working. Here are the Postfix logs:

Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 16 09:51:48 myserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 16 09:51:48 myserver dovecot: auth: Debug: auth client connected (pid=6922)
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH       1       PLAIN   service=smtp    nologin lip=127.0.0.1   rip=127.0.0.1       secured resp=xxx
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed: Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: PLAIN(?,127.0.0.1): Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL      1       reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH       2       LOGIN   service=smtp    nologin lip=127.0.0.1   rip=127.0.0.1       secured
Aug 16 09:51:51 myserver dovecot: auth: LOGIN(?,127.0.0.1): Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL      2       reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate

It seems Postfix doesn't send the client certificate to Dovecot. What do you think? What is wrong?

Below is some information about my configuration:
OS: RHEL5

Postfix: 2.7.3

Dovecot: 2.0.14


Dovecot config:
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_verbose = yes
mail_debug = yes
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocols = none
service auth {
  unix_listener /data/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl = required
ssl_ca = </etc/dovecot/ca.pem
ssl_cert = </etc/dovecot/cert.pem
ssl_key = </etc/dovecot/key.pem
ssl_verify_client_cert = yes
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_ssl = yes

Thanks for your help 
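
Added example (not part of the original post, and not Dovecot or Postfix project code): a small parser for Dovecot auth debug lines like the ones above. For each AUTH request it reports whether the request carried the auth protocol's valid-client-cert flag, then pairs the request with its reply. The function names are hypothetical, and the sample log is constructed from the lines in the post plus one constructed request that carries the flag for comparison.

```python
import re

# Constructed sample: the first two lines mirror the post's log; the last two
# are a constructed request that carries valid-client-cert, for comparison.
SAMPLE_LOG = """\
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH\t1\tPLAIN\tservice=smtp\tnologin\tlip=127.0.0.1\trip=127.0.0.1\tsecured\tresp=xxx
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL\t1\treason=Client didn't present valid SSL certificate
Aug 16 09:52:10 myserver dovecot: auth: Debug: client in: AUTH\t3\tPLAIN\tservice=imap\tsecured\tvalid-client-cert\tcert_username=alice\tlip=127.0.0.1\trip=127.0.0.1\tresp=xxx
Aug 16 09:52:10 myserver dovecot: auth: Debug: client out: OK\t3\tuser=alice
"""

# direction, verb (AUTH/OK/FAIL/CONT), request id, remaining fields
REQ = re.compile(r"auth: Debug: client (in|out): (\S+)\s+(\d+)\s*(.*)$")

def parse_auth_debug(log_text):
    """Return {request_id: info} for each AUTH request in auth debug output.
    Request ids are per auth-client connection; feed one connection at a time."""
    requests = {}
    for line in log_text.splitlines():
        m = REQ.search(line)
        if not m:
            continue
        direction, verb, req_id, rest = m.groups()
        if direction == "in" and verb == "AUTH":
            fields = rest.split()  # mechanism, then bare flags and key=value pairs
            params = dict(f.partition("=")[::2] for f in fields[1:])
            requests[req_id] = {
                "mechanism": fields[0],
                "service": params.get("service"),
                "secured": "secured" in params,
                "valid_client_cert": "valid-client-cert" in params,
                "cert_username": params.get("cert_username"),
                "result": None,
                "reason": None,
            }
        elif direction == "out" and req_id in requests:
            requests[req_id]["result"] = verb
            if rest.startswith("reason="):
                requests[req_id]["reason"] = rest[len("reason="):]
    return requests

def missing_cert_flag(requests):
    """IDs of requests that failed and were sent without valid-client-cert."""
    return sorted(i for i, r in requests.items()
                  if r["result"] == "FAIL" and not r["valid_client_cert"])

if __name__ == "__main__":
    for rid, r in parse_auth_debug(SAMPLE_LOG).items():
        print(rid, r["service"], r["mechanism"], r["valid_client_cert"], r["result"], r["reason"])
```

Run against the real log, this makes it easy to see which service's requests reach the auth process with "secured" but without "valid-client-cert".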