Require certificate for external clients

Karol Babioch karol at babioch.de
Fri Feb 27 14:30:04 UTC 2015


Hi list,

I'm currently looking into ways of making use of client certificates. I
want to force external clients (i.e. anything outside the local subnet)
to use client certificates. It is my understanding that this in itself
can be achieved with the "ssl_require_client_cert" setting.

However, I also want local clients (i.e. anything from a specific
subnet) to be able to authenticate by the usual means (i.e. password-based).

As far as I know dovecot is not able to operate on multiple ports, as
stated in the FAQ [1]. The redirect approach, which is also mentioned
there, is of no help to me, because in my case I would need a different
setup on both ports. Other suggestions [2] won't work in my case either.

I probably could get away with using "imaps" for external clients, while
using "imap" (without SSL) for internal ones. Having said this, I don't
quite like the idea, especially since the traffic might pass through
some potentially unsecure networks and I don't want to bother with
VPN/SSH tunnels for that purpose. A native SSL/TLS solution would be
very much appreciated.

Is there a (recommended) way to do this?

Thanks in advance.

Best regards,
Karol Babioch

[1]: http://wiki.dovecot.org/QuestionsAndAnswers#Is_it_possible_to_have_Dovecot_imap.2BAC8-pop_daemons_listening_on_multiple_ports.3F
[2]: http://www.dovecot.org/list/dovecot/2010-November/054804.html
