Hi Timo,
thank you for that hint.
SELECT NULL AS password, 'Y' as nopassword, userid AS user FROM users WHERE userid = '%u' does not work, seems Dovecot 2.2rc3 ignores nopassword, so my solution is:
password_query = SELECT MD5('%w') AS password, userid AS user FROM users WHERE (userid = '%u') and (('%k' = 'valid') or ('%r' = '192.168.116.30'));
so Dovecot accepts any password provided by user. This solution works now for users which are directily using imap or pop3 _and_ for users which are using Horde webmail frontend backed by Dovecot. This is now a configuration which does not need any passwords stored on server which provides IMHO more security.
best regards Christian
Am 31.03.2013 10:29, schrieb Timo Sirainen:
Is there any way to turn off client certs for specific local or remote IP addresses?
In your passdb you can use %r = remote IP and %k = certificate valid to figure out if the user is allowed or not. For example with SQL passdb that would be possible, or checkpassword. http://wiki2.dovecot.org/Variables