[Dovecot] imaps, certificate and authentication
hello,
First, sorry for my poor English.
I'm doing the migration from UW-imap to Dovecot. I have two questions about authentication in the imaps (port 993) process.
In dovecot.conf I can enable (or disable) the different ports (pop, pops, imap, imaps) and maybe restrict access to the server by IP address. Can I configure Dovecot in imaps so that it permits access if the certificate is known by the server? Actually, this is the process to authenticate in UW-imap on imaps: the client connects to the server through an SSL tunnel (stunnel), and only if stunnel knows the certificate can the client connect.
And further, is it possible, when the client (with a certificate) connects to the server with imaps, to authenticate the user without prompting for the password, so that the authentication is through the certificate?
These are similar functionalities to those in the Apache server, with access restriction to a location and authentication with a certificate.
thanks
-- Jean-Noel
On 6.12.2004, at 18:41, jean-Noël Chardron wrote:
> In dovecot.conf I can enable (or disable) the different ports (pop, pops, imap, imaps) and maybe restrict access to the server by IP address. Can I configure Dovecot in imaps so that it permits access if the certificate is known by the server? Actually, this is the process to authenticate in UW-imap on imaps: the client connects to the server through an SSL tunnel (stunnel), and only if stunnel knows the certificate can the client connect.
It's possible, but only in 1.0-tests:
ssl_verify_client_cert = yes
ssl_require_client_cert = yes
Are you already using it? I don't think most clients support it at all.
> And further, is it possible, when the client (with a certificate) connects to the server with imaps, to authenticate the user without prompting for the password, so that the authentication is through the certificate?
Not yet, but I somehow doubt many clients would work with it.
Timo Sirainen wrote:
> On 6.12.2004, at 18:41, jean-Noël Chardron wrote:
> > In dovecot.conf I can enable (or disable) the different ports (pop, pops, imap, imaps) and maybe restrict access to the server by IP address. Can I configure Dovecot in imaps so that it permits access if the certificate is known by the server? Actually, this is the process to authenticate in UW-imap on imaps: the client connects to the server through an SSL tunnel (stunnel), and only if stunnel knows the certificate can the client connect.
> It's possible, but only in 1.0-tests:
> ssl_verify_client_cert = yes
> ssl_require_client_cert = yes
> Are you already using it?
The version of Dovecot on my system is 0.99-11 (on Fedora Core 3). We shall go into production tonight. For imaps,... I will be waiting for the next release...
> I don't think most clients support it at all.
Mozilla and Netscape do it, and maybe Evolution (I have to test Evolution).