After client authenticated STARTTLS, no EXTERNAL?
Simon Josefsson
jas at extundo.com
Fri May 28 04:56:24 EDT 2004
Rob Siemborski <rjs3 at andrew.cmu.edu> writes:
> On Thu, 27 May 2004, Simon Josefsson wrote:
>
>> Hello. Is it possible to get client authenticated STARTTLS working
>> with Cyrus IMAPD, without a password login?
>>
>> I'm assuming EXTERNAL would be used for this, so here is what I put in
>> imapd.conf:
>>
>> sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 EXTERNAL
>
> Yes, it can, provided you authenticate with a proper trusted client
> cert
Great, I was mostly looking for confirmation that it was intended to
work. IMHO, there should be an attribute in the certificate that
conveys SASL authentication/authorization identities; deriving it from
the CN is ugly.
Thanks,
Simon
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html