[Dovecot] Dovecot 2.2rc3 Client Cert Auth and Webmail -> auth_ssl_require_client_cert problem
Christian Felsing
hostmaster at taunusstein.net
Sun Mar 31 15:47:35 EEST 2013
Hi Timo,
thank you for that hint.
SELECT NULL AS password, 'Y' as nopassword, userid AS user FROM users
WHERE userid = '%u'
does not work, seems Dovecot 2.2rc3 ignores nopassword, so my solution is:
password_query = SELECT MD5('%w') AS password, userid AS user FROM users
WHERE (userid = '%u') and (('%k' = 'valid') or ('%r' = '192.168.116.30'));
so Dovecot accepts any password provided by user. This solution works
now for users which are directly using imap or pop3 _and_ for users
which are using Horde webmail frontend backed by Dovecot. This is now a
configuration which does not need any passwords stored on server which
provides IMHO more security.
best regards
Christian
On 31.03.2013 10:29, Timo Sirainen wrote:
>> Is there any way to turn off client certs for specific local or remote
>> IP addresses?
>
> In your passdb you can use %r = remote IP and %k = certificate valid to figure out if the user is allowed or not. For example with SQL passdb that would be possible, or checkpassword. http://wiki2.dovecot.org/Variables
>
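Added example, not part of the original thread and not Dovecot code: the password_query above run against an in-memory SQLite table, to show which combinations of %k and %r let a login through. Assumptions: SQLite with a registered MD5 function stands in for the real SQL backend, the variables are passed as bound parameters, the returned digest is compared as a plain MD5 hash of the supplied password, and the helper name passdb_lookup, the account "alice" and the address 203.0.113.5 are constructed.

```python
import hashlib
import sqlite3

# Constructed sample data: one account, and no password column at all.
db = sqlite3.connect(":memory:")
db.create_function("MD5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
db.execute("CREATE TABLE users (userid TEXT PRIMARY KEY)")
db.execute("INSERT INTO users VALUES ('alice')")

# The password_query from the message; Dovecot's %u, %w, %k and %r are
# represented here by the bound parameters :u, :w, :k and :r.
PASSWORD_QUERY = """
SELECT MD5(:w) AS password, userid AS user FROM users
WHERE (userid = :u) AND ((:k = 'valid') OR (:r = '192.168.116.30'))
"""


def passdb_lookup(user, password, cert_valid, remote_ip):
    """Return True if this login passes the emulated passdb check."""
    row = db.execute(PASSWORD_QUERY, {
        "u": user,
        "w": password,
        "k": "valid" if cert_valid else "",   # %k is empty without a valid cert
        "r": remote_ip,
    }).fetchone()
    if row is None:
        # No row: unknown user, or neither the cert nor the IP condition held.
        return False
    # Assumption: the digest is checked against MD5 of the supplied password,
    # which always matches because the query hashes that same password.
    return row[0] == hashlib.md5(password.encode()).hexdigest()


if __name__ == "__main__":
    cases = [
        ("alice", "anything", True, "203.0.113.5"),      # valid client cert
        ("alice", "anything", False, "192.168.116.30"),  # webmail host, no cert
        ("alice", "anything", False, "203.0.113.5"),     # no cert, other host
        ("bob", "anything", True, "203.0.113.5"),        # user not in table
    ]
    for case in cases:
        print(case, "->", "accept" if passdb_lookup(*case) else "reject")
```

The second case is the one to keep in mind when reviewing such a setup: for connections from 192.168.116.30 the source address is the only thing the query checks, so access to that host has to be controlled accordingly.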