I would appreciate this feature as well. Because i am using postfix relaying with permit_tls_clientcerts and it just checks the fingerprints of the certs. It find it far more convenient than using something like pam and authorising with user accounts. Postfix can use this features also in combination with normal sasl methods. < Using OpenSSL for authentication brings
in tons of more code that has to be relied on. Your port 22 is closed or does not rely on the the OpenSSL lib ? I took a short look at the sources from postfix but i am not too sure if it´s easy to include in dovecot. Just a idea.
Regards Jan
Timo Sirainen wrote:
Personally I'd really like to get the current CVS code fully working as intended. Then there's some long standing bugs/features (eg. recent counters). Then some NFS safety problems. All those should have been fixed long ago. yes, it's better to get dovecot stable first.
Also currently there's only dovecot-auth and master processes in Dovecot which have to be free of security holes to avoid pre-login security holes. That's not a lot of code. Using OpenSSL for authentication brings in tons of more code that has to be relied on.
I understand. But please, keep it in mind for later versions of dovecot!