On Thu, 2007-03-08 at 16:40 +0100, Steffen Kaiser wrote:
> On Thu, 8 Mar 2007, Timo Sirainen wrote:
> > > Q2) The next step, if dovecot blocks the client because of the verify_client_cert, how to create certs for OE, Evolution and Thunderbird?
> > I don't think most clients support SSL client certificates at all, although I know some people are using them with some clients. Maybe someone could add a list of the clients supporting them to the wiki.
> Er, a dummy question, I guess: Can you use client certs to log in to Dovecot? Aka can use the certs as "passdb"?
Yes. It will still need some passdb, but you could use a null password and the ssl_username_from_cert=yes setting, in which case it doesn't matter what user/password is used to log in.
But it circumvents Dovecot's login/auth process security model, so I don't recommend it that much. Maybe some day I'll make the login process forward the client cert to dovecot-auth, which does the actual verification.