Quoting Karol Babioch <[email protected]>:
Hi list,
I'm currently looking into ways of making use of client certificates. I
want to force external clients (i.e. anything outside the local subnet)
to use client certificates. It is my understanding that this in itself
can be achieved with the "ssl_require_client_cert" setting.
However, I also want local clients (i.e. anything from a specific
subnet) to be able to authenticate by the usual means (i.e.
password-based).
How about a second front-end? One dovecot-proxy for external users that
requires certs, the other is the 'real' machine accessible directly only
for internal users.
Rick