[Dovecot] SSL Certificate Authentication

Thomas Siebert siebert at et.rub.de
Thu Dec 18 14:13:27 EET 2008


What you really want is the "AUTH EXTERNAL" authentication mechanism. This
would authenticate your users based on the used certificate. Unfortunately,
this mechanism is not supported in dovecot as well as in most clients.
Courier supports it since some months if you really need it.

There's no way in dovecot to use no password, but there's one to use any
password: Your password database has to return the field "nopassword", value
1. But you should consider that this means that your users can impersonate
any other user on your mailserver as the SSL certificate here only controls
access, but not identity.

> -----Original Message-----
> From: dovecot-bounces+siebert+lists=et.rub.de at dovecot.org
> [mailto:dovecot-bounces+siebert+lists=et.rub.de at dovecot.org] On Behalf
> Of Anthony Davies
> Sent: Thursday, December 18, 2008 12:27 AM
> To: dovecot at dovecot.org
> Subject: [Dovecot] SSL Certificate Authentication
> 
> Hi Guys,
> 
> I am using the SSL Client Certificate authentication method for my
> Dovecot instance, however rather then just requiring the client
> certificate it also prompts me for my user password.
> 
> My certificate was securely generated on a smart card and is passphrase
> protected so I would like to stop having to enter my certificate
> passphrase and my user password to collect my mail. Where abouts in the
> config file can I resolve this issue?
> 
> Cheers,
> 
> Tony Davies




More information about the dovecot mailing list