[Dovecot] 1.0rc26: ssl_verify_client=yes ?

Timo Sirainen tss at iki.fi
Thu Mar 8 18:13:48 EET 2007


On Thu, 2007-03-08 at 16:40 +0100, Steffen Kaiser wrote:
> On Thu, 8 Mar 2007, Timo Sirainen wrote:
> 
> >> Q2)
> >> The next step, if dovecot blocks the client because
> >> of the verify_client_cert, how to create certs for OE,
> >> Evolution and Thunderbird?
> >
> > I don't think most clients support SSL client certificates at all,
> > although I know some people are using them with some clients. Maybe
> > someone could add a list of the clients supporting them into wiki.
> 
> Er, a dummy question, I guess:
> Can you use client certs to log in to Dovecot?
> Aka can use the certs as "passdb"?

Yes. It will still need some passdb, but you could use a null password and
ssl_username_from_cert=yes settings in which case it doesn't matter what
user/password is used to log in.

But it circumvents Dovecot's login/auth process security model, so I
don't recommend it that much. Maybe some day I'll make the login process
forward the client cert to dovecot-auth which does the actual
verification.