3 Nov
2009
3 Nov
'09
8:45 p.m.
On Mon, 2009-11-02 at 14:22 +0100, dovecotlist@encambio.com wrote:
We would like to make it possible for users with a X.509 client certificate to log in without providing LDAP or any other credentials.
Well.. These get you a bit further:
ssl_ca_file = /pfx/etc/dovecot/dovecot-caroots.pem ssl_verify_client_cert = yes auth_ssl_username_from_cert = yes
but to disable password check the passdb also needs to check if %k variable's value is "valid". With SQL this would be easy. With LDAP, I guess it doesn't really work now. Unless you used e.g. checkpassword script to do both checks.