Quoting Karol Babioch <[email protected]>:

Hi list,

I'm currently looking into ways of making use of client certificates. I
want to force external clients (i.e. anything outside the local subnet)
to use client certificates. It is my understanding that this in itself
can be achieved with the "ssl_require_client_cert" setting.

However, I also want local clients (i.e. anything from a specific
subnet) to be able to authenticate by the usual means (i.e.
password-based).

How about a second front-end? One dovecot-proxy for external users that
requires certs, the other is the 'real' machine accessible directly only
for internal users.

Rick

Reply via email to