On Tue, 2009-09-22 at 10:02 -0700, Florin Andrei wrote:
> > ssl_require_client_cert = yes
> > remote_ip 192.168.0.0/16 {
> > ssl_require_client_cert = no
> > }
> >
> > That's almost possible in v2.0.
>
> "Almost"? :-)
Well, the problem is that this setting is checked by both auth process
and login process. Login process can handle it, auth process can't. Hmm.
A few possibilities:
1) Remove the check from auth process. It's probably not that useful.
Then again it adds an extra layer of security. Hmm.
2) Implement per-IP settings for auth process. Some day.. :)
3) You can probably already kludge around it:
ssl_require_client_cert = no
protocol imap {
ssl_require_client_cert = yes
remote_ip 192.168.0.0/16 {
ssl_require_client_cert = no
}
}
signature.asc
Description: This is a digitally signed message part
