On Fri, 2007-08-24 at 23:57 +0200, Martin Lambers wrote:
> Hi!
>
> I'd like to configure dovecot to use only TLS client certificates for
> authentication. After the user presented a client certificate and that
> certificate was verified, no password-based authentication should be
> necessary anymore.
>
> Is this currently possible? Or would this require support for the SASL
> EXTERNAL mechanism?

Pretty much all clients still want to send username and password. You could have Dovecot get the username from the certificate (ssl_username_from_cert=yes) and allow it to authenticate with any password. Easiest way to do that would be to use a SQL passdb:

password_query = select null as password, 'Y' as nopassword

With a SQLite backend it wouldn't need even a server.

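The setup described in the reply, written out as an added configuration sketch (not part of the original message), in Dovecot 1.x syntax to match the setting name used there. All file paths are placeholders. The ssl_ca_file, ssl_verify_client_cert and ssl_require_client_cert lines are an assumption about the intended deployment: because the query accepts any password, the verified certificate has to be the only way in.

```conf
# --- dovecot.conf (Dovecot 1.x syntax; paths are placeholders) ---

# CA that issued the client certificates.
ssl_ca_file = /etc/dovecot/client-ca.pem
# Request a client certificate in the TLS handshake and verify it
# against ssl_ca_file.
ssl_verify_client_cert = yes

auth default {
  # Clients still send a username and password, so PLAIN stays enabled.
  mechanisms = plain

  # Fail authentication unless a valid client certificate was presented.
  # Without this, the nopassword query below would let any client log in
  # as any user with any password.
  ssl_require_client_cert = yes

  # Use the name from the certificate as the login name instead of
  # whatever username the client sends.
  ssl_username_from_cert = yes

  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  # userdb omitted; use whatever the installation already has.
}

# --- /etc/dovecot/dovecot-sql.conf ---

# SQLite backend: a local file, no database server needed. The query
# reads no table, so the file can be an empty database.
driver = sqlite
connect = /var/lib/dovecot/auth.sqlite

# Return one row for every lookup: no stored password, and nopassword=Y
# tells Dovecot to accept whatever password the client sends.
password_query = select null as password, 'Y' as nopassword
```

Since the query returns a row for every username, any certificate that chains to the configured CA can log in under its own name; that CA should issue certificates for mail users only.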