Dear List,
I have a few questions regarding dovecot sasl authentication that are somewhat related to each other.
I have a working dovecot config with
ssl_verify_client_cert = yes .. . ssl_require_client_cert = yes ssl_username_from_cert = yes
(With this set up I need not set a correct user name in my mail client so long as I have it correctly in cert.)
It turns out that I cannot export client socket to postfix to do smtp authentication unless I comment out ssl_require_client_cert=yes
Does it mean that postfix is not passing to dovecot any information about certificate? Is passing certificate information not part of sasl framework? If so I won't be able to use it with a different sasl implementation.
Also if I comment out ssl_require_client_cert=yes, then I can no longer use username from cert to log in to retrieve my pop mail.
I prefer to get username this way otherwise my thunderbird mailbox reads user@domain.org@domain.org; I could have more than one domain in my dovecot servers.
Thanks
mr.wu