Re: [courier-users] Authenticate Clients via TLS client cert
Hello. [sorry for sending this via private mail before. my fault.] Am 02.07.2017 um 23:06 schrieb Sam Varshavchik: > http://www.courier-mta.org/install.html#sslcert > Also described further in the esmtpd-ssl configuration file, under > TLS_EXTERNAL. > For this to work, the certificate subject needs to specify whatever > would be used for the login ID when authenticating manually. Wow, perfect. I missed that completely. Tank you for the pointer! regards, Bernd signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Authenticate Clients via TLS client cert
Bernd Wurst writes: Hello, I'm struggling with the question if it is possible to authenticate clients (optionally) with a client certificate. I found some docs about dovecot implementing this [1] and was wondering if courier (SMTP) could also be used with this? I could not find something about it in the docs. The desired use would be that we operate a local CA and issue certificates that contain a user name (e-mail-address) as common name and courier authenticates this certificate as the given user, so that logging and processing will continue have the sender's data. [1]: "Client certificate verification/authentication", half way down at https://wiki.dovecot.org/SSL/DovecotConfiguration http://www.courier-mta.org/install.html#sslcert Also described further in the esmtpd-ssl configuration file, under TLS_EXTERNAL. For this to work, the certificate subject needs to specify whatever would be used for the login ID when authenticating manually. pgpi8XcrDFBKM.pgp Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Authenticate Clients via TLS client cert
Hello, I'm struggling with the question if it is possible to authenticate clients (optionally) with a client certificate. I found some docs about dovecot implementing this [1] and was wondering if courier (SMTP) could also be used with this? I could not find something about it in the docs. The desired use would be that we operate a local CA and issue certificates that contain a user name (e-mail-address) as common name and courier authenticates this certificate as the given user, so that logging and processing will continue have the sender's data. [1]: "Client certificate verification/authentication", half way down at https://wiki.dovecot.org/SSL/DovecotConfiguration regards, Bernd signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users