[Dovecot] require SSL certs only for encrypted connections?
Timo Sirainen
tss at iki.fi
Mon Sep 28 21:31:16 EEST 2009
On Tue, 2009-09-22 at 10:02 -0700, Florin Andrei wrote:
> > ssl_require_client_cert = yes
> > remote_ip 192.168.0.0/16 {
> >   ssl_require_client_cert = no
> > }
> >
> > That's almost possible in v2.0.
>
> "Almost"? :-)
Well, the problem is that this setting is checked by both auth process
and login process. Login process can handle it, auth process can't. Hmm.
A few possibilities:
1) Remove the check from auth process. It's probably not that useful.
Then again it adds an extra layer of security. Hmm.
2) Implement per-IP settings for auth process. Some day.. :)
3) You can probably already kludge around it:

ssl_require_client_cert = no
protocol imap {
  ssl_require_client_cert = yes
  remote_ip 192.168.0.0/16 {
    ssl_require_client_cert = no
  }
}