SSL Client authentication with trustcenter-certificate
dovecot.pkoch at dfgh.net
Mon Nov 3 22:46:20 UTC 2014
Dear reader,
we are using dovecot 2.2.7 and like it very much. Authentication is done
via a checkpassword program that does two things:
1) check whether the client has connected via SSL using a client certificate
2) check whether the client is using a one time password generator
Most of our users are using certificates that we have created ourselves.
These certificates contain an x500uniqueidentifier.
But some users are using certificates from a German trust center and these
certificates do not contain a x500uniqueIdentifier nor something similar.
I would like to map these certificates to user accounts and my first idea
was to do so from my checkpassword program.
But how do I find out the client-certificate from within a checkpassword
script? I tried to add an additional entry to
auth_request_var_expand_static_tab and fill in that environment variable in
auth_request_get_var_expand_table_full() (both in src/auth/auth-request.c).
But where do I find the SSL-context from which I can extract the client
certificate?
Kind regards
Peter Koch