[Dovecot] SSL Certificate Authentication
Andrey Panin
pazke at donpac.ru
Thu Dec 18 17:14:40 EET 2008
On 353, 12 18, 2008 at 01:13:27PM +0100, Thomas Siebert wrote:
> What you really want is the "AUTH EXTERNAL" authentication mechanism. This
> would authenticate your users based on the used certificate. Unfortunately,
> this mechanism is not supported in dovecot as well as in most clients.
> Courier supports it since some months if you really need it.
What widespread mail clients support EXTERNAL ? BTW it's trivial to implement
it dovecot if there is a real demand.
> There's no way in dovecot to use no password, but there's one to use any
> password: Your password database has to return the field "nopassword", value
> 1. But you should consider that this means that your users can impersonate
> any other user on your mailserver as the SSL certificate here only controls
> access, but not identity.
That's not true. Look at ssl_username_from_cert and ssl_cert_username_field
configuration parameters.
> > -----Original Message-----
> > From: dovecot-bounces+siebert+lists=et.rub.de at dovecot.org
> > [mailto:dovecot-bounces+siebert+lists=et.rub.de at dovecot.org] On Behalf
> > Of Anthony Davies
> > Sent: Thursday, December 18, 2008 12:27 AM
> > To: dovecot at dovecot.org
> > Subject: [Dovecot] SSL Certificate Authentication
> >
> > Hi Guys,
> >
> > I am using the SSL Client Certificate authentication method for my
> > Dovecot instance, however rather then just requiring the client
> > certificate it also prompts me for my user password.
> >
> > My certificate was securely generated on a smart card and is passphrase
> > protected so I would like to stop having to enter my certificate
> > passphrase and my user password to collect my mail. Where abouts in the
> > config file can I resolve this issue?
> >
> > Cheers,
> >
> > Tony Davies
>
>
>
More information about the dovecot
mailing list