Zitat von Wietse Venema <wie...@porcupine.org>:
lst_ho...@kwsoft.de:
What is the way to go to take part of the feature development? I looks
like we need a slight modification of the auth external as described.
Mailin glist discussions.
Eventually there will be a postfix-xxxx-nonprod release that combines
all the code (jay) and none of the guarantees (bleh).
I am not convinced that stuffing arbitrary PKI identities into a
SASL identity is necessarily a good idea. Maybe it is safer to solve
this problem without PKI-to-SASL cross-talk.
Wietse
At least in my case no SASL would be needed. For me a
relay_clientcerts able to list allowed validated CNs would be enough.
The SASL stuff will be handy for tie a "identity" to certificates and
assign additional rights/limits of course.
Andreas
