Good afternoon,

>> > My current imap server is Courier. And having finally set up
>> > mutt to use imap based message stores I'd like to also use my
>> > ssl shared key for authentication. Courier does not support
>> > this. What imap servers do?
>> >
>> > (currently searching Dovecot references...)
>>
>> I've used both dovecot and courier with SSL certificates so I'm
>> not sure why you are not able to.
>>
>> I might be misunderstanding what an SSL shared key is.
>
>This is for client authentication when connecting to the imap
>server.

So, you would like to use a client-side SSL certificate and you want
the server to validate that certificate?

  https://www.stunnel.org/features.html

>Rather than checking my password against /etc/shadow I want
>it to request my shared key stored in ~/.ssh and compare to the
>public version in ~/.ssh on the mail server.

You appear to be asking about SSL in the subject line, but referring
to a 'shared key stored in ~/.ssh' in the body. It is unclear from
this whether you mean ssh or client-identifying SSL certificates.

That is probably immaterial given that you simply want to use mutt
to talk to your (courier) imapd.

Given:

  A) your question sounds like you are asking only for yourself
  B) the convenient factor that courier-imap functions as a forked
     one-process-per-connection service
  C) you already have shell access to the remote server (sounds
     like it is yours)

Then:

  Why not use ssh as the transport instead of bothering with SSL?

In that case you could use a force-command option in
~/.ssh/authorized_keys (server side):

  command="/usr/lib/courier-imap/bin/imapd Maildir"

If you need to set a bunch of environment variables ahead of time,
then simply replace that command="" with the path to a shell script
that sets the appropriate envars and ends with:

  exec \
    /usr/lib/courier-imap/bin/imapd Maildir

Or whatever suits your fancy.

>Much like being able to ssh to another server when you have the
>keys set up.

If you actually meant that you want your server (couriertls) to
validate an offered client certificate, then you could also use an
SSL-capable transport layer shim like stunnel [0] (cf. Bri Hatch
from Seattle's gslug).

That's all,

-Martin

P.S. What versions of the various courier tools are you using in
     order to get mutt to communicate happily with the imapd?

 [0] https://www.stunnel.org/features.html

-- 
Martin A. Brown
http://linux-ip.net/
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
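The forced-command setup described in the message above, as an added example that is not part of the original post: it prints the server-side wrapper and builds the matching authorized_keys line, with OpenSSH's "restrict" option added so the key can do nothing but start imapd. The function names, the wrapper path, the host name and the key are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original message. The imapd path follows the
# message; the wrapper path, host name and key below are constructed.

# Print the server-side wrapper. sshd runs it for every login with the
# pinned key, whatever command the client asked for (sshd only records
# that request in SSH_ORIGINAL_COMMAND).
wrapper_script() {
    cat <<'EOF'
#!/bin/sh
# Export the environment variables your imapd needs here
# (the message above does not list them).
exec /usr/lib/courier-imap/bin/imapd Maildir
EOF
}

# Build the authorized_keys line that pins one key to the wrapper.
#   $1 = absolute path of the wrapper on the server
#   $2 = public key line ("type base64 [comment]")
# "restrict" (OpenSSH 7.2 and later) turns off port, agent and X11
# forwarding and PTY allocation, so the key is good for IMAP and nothing else.
forced_entry() {
    case "$1" in
        /*) ;;
        *) echo "wrapper path must be absolute" >&2; return 1 ;;
    esac
    case "$1" in
        *\"*) echo "wrapper path must not contain a double quote" >&2
              return 1 ;;
    esac
    printf 'restrict,command="%s" %s\n' "$1" "$2"
}

# Client side (mutt), with a constructed host name; the remote command is
# ignored by the server because of the forced command:
#   set tunnel="ssh -q mailhost.example imapd"
#   set folder="imap://mailhost.example/"

# Constructed key, for illustration only.
forced_entry /home/user/bin/imap-wrapper \
    "ssh-ed25519 AAAAEXAMPLEKEY user@laptop"
```

Append the printed line to ~/.ssh/authorized_keys on the server and install the wrapper_script output at the path given in that line.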
