27 Feb
2015
27 Feb
'15
4:37 p.m.
Quoting Karol Babioch <karol@babioch.de>:
Hi list,
I'm currently looking into ways of making use of client certificates. I want to force external clients (i.e. anything outside the local subnet) to use client certificates. It is my understanding that this in itself can be achieved with the "ssl_require_client_cert" setting.
However, I also want local clients (i.e. anything from a specific subnet) to be able to authenticate by the usual means (i.e. password-based).
How about a second front-end? One dovecot-proxy for external users that requires certs, the other is the 'real' machine accessible directly only for internal users.
Rick