Dear reader,
we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things:
- check wether the client has connected via SSL using a client certificate
- check wether the client is using a one time password generator
Most of our users are using certificates that we have created ourself. These certificates contain a x500uniqueidentifier.
But some users are using certificates from a german trust center and these certificates do not contain a x500uniqueIdentifier nor something similar.
I would like to map these certificates to user accounts and my first idea was to do so from my checkpassword programm.
But how do I find out the client-certificate from within a checkpassword script. I tried to add an additional entry to auth_request_var_expand_static_tab and fill in that environment variable in auth_request_get_var_expand_table_full() (both in src/auth/auth-request.c).
But where do I find the SSL-context from which I can extract the client certificate?
Kind regards
Peter Koch