Cyrus Pop3 and Client Side Certificates
Dan White
dwhite at olp.net
Mon Dec 17 15:11:44 EST 2012
On 12/17/12 12:26 -0600, Sumit Malhotra wrote:
>We are looking to enforce two layers of authentication on POP3S.
>
>We want to ensure that *if and only if* a Machine/Laptop/Client has an SSL
>Certificate installed then only it can connect and authenticate with
>the POP3 Server else it fails. Is that possible?

set:

  tls_require_cert: 1

or, specifically just for pop3s:

  <cyrus.conf/pop3s-service-name>_tls_require_cert: 1

In /etc/cyrus.conf, you'll want to remove any references to pop3 (without
the -s option). e.g.:

  #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=200
  pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=100

in imapd.conf:

  pop3s_tls_require_cert: 1

You'll also need to configure tls_ca_file or tls_ca_path.

--
Dan White
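
An added example, not part of the message above and not Cyrus project code: a small Python check that a cyrus.conf / imapd.conf pair follows the three points in the reply (no pop3d service without -s, tls_require_cert enabled per service or globally, and tls_ca_file or tls_ca_path set). The sample configs, the CA path and the function names are constructed for illustration.

```python
import os
import re
import shlex

# Constructed sample configs, modelled on the lines quoted in the message.
CYRUS_CONF = '''SERVICES {
  #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=200
  pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=100
}
'''
IMAPD_CONF = '''pop3s_tls_require_cert: 1
tls_ca_file: /etc/ssl/example-ca.pem
'''
# The message uses "1"; the other spellings are an assumption.
TRUTHY = {"1", "yes", "on", "true", "t"}

def pop3_services(cyrus_conf):
    """Map each uncommented pop3d service name to whether it runs with -s."""
    found = {}
    for line in cyrus_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'(\S+)\s+.*\bcmd="([^"]*)"', line)
        argv = shlex.split(m.group(2)) if m else []
        if argv and os.path.basename(argv[0]) == "pop3d":
            found[m.group(1)] = "-s" in argv[1:]
    return found

def imapd_options(imapd_conf):
    """Parse 'key: value' lines, skipping blanks and comments."""
    opts = {}
    for line in imapd_conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(cyrus_conf, imapd_conf):
    """Return a list of findings; an empty list means all checks passed."""
    opts, problems = imapd_options(imapd_conf), []
    for name, tls_wrapped in pop3_services(cyrus_conf).items():
        if not tls_wrapped:
            problems.append(f"{name}: pop3d runs without -s")
        # A service-specific setting takes precedence over the global one.
        value = opts.get(f"{name}_tls_require_cert", opts.get("tls_require_cert", "0"))
        if value.lower() not in TRUTHY:
            problems.append(f"{name}: tls_require_cert is not enabled")
    if not (opts.get("tls_ca_file") or opts.get("tls_ca_path")):
        problems.append("neither tls_ca_file nor tls_ca_path is set")
    return problems
```
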
More information about the Cyrus-devel mailing list