On 353, 12 18, 2008 at 01:13:27PM +0100, Thomas Siebert wrote:
What you really want is the "AUTH EXTERNAL" authentication mechanism. This would authenticate your users based on the used certificate. Unfortunately, this mechanism is not supported in dovecot as well as in most clients. Courier supports it since some months if you really need it.
What widespread mail clients support EXTERNAL ? BTW it's trivial to implement it dovecot if there is a real demand.
There's no way in dovecot to use no password, but there's one to use any password: Your password database has to return the field "nopassword", value
- But you should consider that this means that your users can impersonate any other user on your mailserver as the SSL certificate here only controls access, but not identity.
That's not true. Look at ssl_username_from_cert and ssl_cert_username_field configuration parameters.
-----Original Message----- From: dovecot-bounces+siebert+lists=et.rub.de@dovecot.org [mailto:dovecot-bounces+siebert+lists=et.rub.de@dovecot.org] On Behalf Of Anthony Davies Sent: Thursday, December 18, 2008 12:27 AM To: dovecot@dovecot.org Subject: [Dovecot] SSL Certificate Authentication
Hi Guys,
I am using the SSL Client Certificate authentication method for my Dovecot instance, however rather then just requiring the client certificate it also prompts me for my user password.
My certificate was securely generated on a smart card and is passphrase protected so I would like to stop having to enter my certificate passphrase and my user password to collect my mail. Where abouts in the config file can I resolve this issue?
Cheers,
Tony Davies