Send full X.509 client certificate to custom authentication policy server
I'm working with Dovecot 2.3 and I'm wondering if I could send the full X.509 client certificate to my custom authentication policy server.
I'm actually aware that I can send the client certificate validity status with something like:
auth_policy_request_attributes = ... cert=%{cert}
But I want the full X.509 certificate to be able to decide on the basis of certificate extensions, e.g. the Certificate Policies extension.
Is it currently possible? What about Lua-based authentication? Does Lua currently receive the full client certificate?
Jaime Hablutzel - RPC 994690880
On January 26, 2018 at 7:15 PM Jaime Hablutzel Egoavil hablutzel1@gmail.com wrote:
> I'm working with Dovecot 2.3 and I'm wondering if I could send the full X.509 client certificate to my custom authentication policy server.
> I'm actually aware that I can send the client certificate validity status with something like:
> auth_policy_request_attributes = ... cert=%{cert}
> But I want the full X.509 certificate to be able to decide on the basis of certificate extensions, e.g. the Certificate Policies extension.
> Is it currently possible? What about Lua-based authentication? Does Lua currently receive the full client certificate?
> Jaime Hablutzel - RPC 994690880
The cert is only received by the login process, validated and some details picked up, and then discarded. Unfortunately what you want is not really possible currently.
Auth process gets only the details that are picked up by login process.
Aki