[Dovecot] Dovecot 2.2rc3 Client Cert Auth and Webmail -> auth_ssl_require_client_cert problem
Timo Sirainen
tss at iki.fi
Sun Mar 31 11:29:49 EEST 2013
On 27.3.2013, at 10.49, Christian Felsing <hostmaster at taunusstein.net> wrote:
> I would like to set up a Dovecot based mail system which uses X.509
> Client Certificates for authentication. A webmail system based on Horde5
> should use Dovecot as backend.
..
> Unfortunately Dovecot does not support different authentication methods
> on different IP addresses or ports. This does not work:
>
> remote 192.168.116.28/32 {
> auth_ssl_require_client_cert = no
> auth_ssl_username_from_cert = yes
> disable_plaintext_auth = no
> ssl = yes
>
> }
>
> Result is "doveconf: Fatal: Error in configuration file
> /opt/dovecot-2.2.rc3/etc/dovecot/conf.d/10-auth.conf line 103: Auth
> settings not supported inside local/remote blocks:
> auth_ssl_require_client_cert"
Right. Would be nice to support at some point, but not that easy to implement.
> Is there any way to turn off client certs for specific local or remote
> IP addresses?
In your passdb you can use %r = remote IP and %k = certificate valid to figure out if the user is allowed or not. For example with SQL passdb that would be possible, or checkpassword. http://wiki2.dovecot.org/Variables
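The approach described in the reply above, sketched as an added example that is not part of the original post or of Dovecot's documentation. It assumes an SQL passdb; the file paths, the `users` table, its `userid` and `password` columns, and the `connect` values are hypothetical placeholders, and 192.168.116.28 is the webmail host from the question.

```conf
# --- conf.d/10-ssl.conf (assumed file layout) ---
ssl = yes
# Request a client certificate and verify it against the configured CA,
# so that %k can report whether a valid certificate was presented.
ssl_verify_client_cert = yes

# --- conf.d/10-auth.conf ---
# Stays "no" globally: auth settings are rejected inside local/remote
# blocks, so the per-IP decision moves into the passdb query instead.
auth_ssl_require_client_cert = no

passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}

# --- /etc/dovecot/dovecot-sql.conf.ext ---
# Placeholder backend settings, replace with the site's own values.
driver = mysql
connect = host=DB_HOST dbname=DB_NAME user=DB_USER password=DB_PASSWORD

# %u = username
# %r = remote IP of the client
# %k = "valid" if the client presented a valid certificate, else empty
#
# A row is returned only when the client has a valid certificate OR
# connects from the webmail host. Any other client gets no row, so the
# lookup fails as if the user were unknown.
password_query = SELECT userid AS user, password \
  FROM users \
  WHERE userid = '%u' \
    AND ('%k' = 'valid' OR '%r' = '192.168.116.28')
```

The password returned by the query is still checked, so this gate only decides which clients are allowed to reach the password check at all.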