Hi everybody,

I'm using SSL client certificates or checkpassword scripts to authenticate our users. If a user sent a client certificate from his smartcard my checkpasswort will ignore the password, if he does not sent a client certificate but uses his OTP-token then my checkwassword script will check wether the password is a correct one time password.

My problem is: the AUTH_USER variable will either contain the username that was configured in the mailclient (if auth_ssl_username_from_cert=false) or the username from the certificate (if auth_ssl_username_from_cert=true).

I would like to compare both values, i.e. the %{user} Dovecot-variable and the %{orig_user} Dovecot-variable. But the environment of a checkpassword-script has only one of them.

Any ideas?

I tried to change the source and found the routine where all the AUTH_xxx environment variables are created. But the %{orig_user] variable was empty at that point, so no AUTH_ORIG_USER variable is created.

I'm afraight that whenever the %{user}-Variable is replaced by the UID from the client certificate (due to auth_ssl_username_from_cert=true), the original value of %{user} is NOT copied into %{orig_user}

Can someone more familiar with the dovecot source check this please or give me a hint where to look further

Kind regards

Peter Koch