Hello Timo,

On Tues., Nov 03, 2009, Timo SIRAINEN wrote:
>On Mon, 2009-11-02 at 14:22 +0100, [email protected] wrote:
>> We would like to make it possible for users with a X.509 client
>> certificate to log in without providing LDAP or any other
>> credentials.
>
>Well.. These get you a bit further:
>
>ssl_ca_file = /pfx/etc/dovecot/dovecot-caroots.pem
>ssl_verify_client_cert = yes
>auth_ssl_username_from_cert = yes
>

We've got that as well as:

ssl_cert_username_field = emailAddress

>but to disable password check the passdb also needs to check if %k
>variable's value is "valid". With SQL this would be easy. With LDAP, I
>guess it doesn't really work now. Unless you used e.g. checkpassword
>script to do both checks.
>

Thanks Timo, I'll check out the checkpassword script feature which I think is new to Dovecot since a few months. We're not using SQL at all, so hopefully it will work with LDAP and checkpassword.

Regards,
Brian
