Special authentication use case
Folks,
I'm trying to configure dovecot SASL with two use cases:
- First with XOAUTH2: I've managed to get it working, pretty right out of the box, developers have done a great job :-)
- Second with Client TLS Certificate with no luck.
Let me explain, the certificate brought by the client does not have any clue of associated email, I have to check that username (=email) sent by the client is really related to some information included in the certificate (I have to extract the OU and then lookup into a table of authorized mails for that OU).
Is it possible to do that with dovecot? I think yes but I'm looking for direction to achieve that. Lua maybe?
Our configuration:
- OS: Debian 11
$ /usr/sbin/dovecot --version
2.3.13 (89f716dc2)
Regards.
--
Philippe MARASSE
Head of the Infrastructure Unit - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur
86021 Poitiers Cedex
Tel: 05.49.44.57.19
Hello,
Confirmed that LUA authentication is working.
BTW, a feature request: is it possible to have the complete DN of the certificate available during LUA authentication?
Regards.
On 02/02/2023 at 14:09, Philippe MARASSE wrote:
Folks,
I'm trying to configure dovecot SASL with two use cases:
- First with XOAUTH2: I've managed to get it working, pretty right out of the box, developers have done a great job :-)
- Second with Client TLS Certificate with no luck.
Let me explain, the certificate brought by the client does not have any clue of associated email, I have to check that username (=email) sent by the client is really related to some information included in the certificate (I have to extract the OU and then lookup into a table of authorized mails for that OU).
Is it possible to do that with dovecot? I think yes but I'm looking for direction to achieve that. Lua maybe?
Our configuration:
- OS: Debian 11
$ /usr/sbin/dovecot --version
2.3.13 (89f716dc2)
Regards.
--
Philippe MARASSE
Head of the Infrastructure Unit - DSIO
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur
86021 Poitiers Cedex
Tel: 05.49.44.57.19
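The check described in the first message (the username sent by the client must appear in the list of addresses authorized for the certificate's OU), as an added example that is not part of the original posts and not Dovecot's own code. It is plain Lua with no Dovecot API: the subject string is just a function argument, since how it reaches the script is not shown in the thread, and the table contents, function names and sample subjects are constructed for illustration.

```lua
-- Constructed sample table (hypothetical values): OU -> addresses allowed for it.
local AUTHORIZED = {
  cardiology = { ["alice@example.org"] = true, ["bob@example.org"] = true },
  pharmacy   = { ["carol@example.org"] = true },
}

-- Return the lower-cased OU values of an RFC 4514 style subject string.
-- A backslash-escaped character stays inside its value, so "\," never starts
-- a new RDN. Hex escapes and multi-valued RDNs ("+") are not interpreted.
local function ou_values(dn)
  local rdns, cur, i = {}, {}, 1
  while i <= #dn do
    local c = dn:sub(i, i)
    if c == "\\" and i < #dn then        -- escaped char: keep it literally
      cur[#cur + 1] = dn:sub(i + 1, i + 1)
      i = i + 2
    else
      if c == "," then                   -- unescaped comma ends the RDN
        rdns[#rdns + 1] = table.concat(cur)
        cur = {}
      else
        cur[#cur + 1] = c
      end
      i = i + 1
    end
  end
  rdns[#rdns + 1] = table.concat(cur)
  local ous = {}
  for _, rdn in ipairs(rdns) do
    local typ, val = rdn:match("^%s*(%w+)%s*=%s*(.-)%s*$")
    if typ and typ:upper() == "OU" and val ~= "" then ous[#ous + 1] = val:lower() end
  end
  return ous
end

-- True only when the client-supplied username is listed under one of the
-- certificate's OUs; missing OU, unknown OU or bad input all deny.
local function user_allowed_for_cert(subject_dn, claimed_user)
  if type(subject_dn) ~= "string" or type(claimed_user) ~= "string" then return false end
  local user = claimed_user:lower()      -- assumption: addresses compare case-insensitively
  for _, ou in ipairs(ou_values(subject_dn)) do
    local allowed = AUTHORIZED[ou]
    if allowed and allowed[user] then return true end
  end
  return false
end
-- Constructed subjects: a match, a wrong OU, an OU smuggled into the CN, and no OU.
assert(user_allowed_for_cert("CN=ws-12,OU=Cardiology,O=Example", "Alice@example.org"))
assert(not user_allowed_for_cert("CN=ws-12,OU=Cardiology,O=Example", "carol@example.org"))
assert(not user_allowed_for_cert("CN=x\\,OU=pharmacy,O=Example", "carol@example.org"))
assert(not user_allowed_for_cert("CN=ws-12,O=Example", "alice@example.org"))
```

The third assertion is the case worth keeping in any variant of this check: an escaped comma inside the CN must not be read as the start of an OU attribute.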