client side certificate support
craig at postnewspapers.com.au
Fri Sep 3 00:52:44 EDT 2004
On Fri, 2004-09-03 at 00:22, James Miller wrote:
> Hi everyone,
> I've been searching around and haven't had much success finding a good
> reference for setting up cyrus-imap to use client side certificates.
> I have no problem with creating a CA and creating certs from the CA. I'm
> using them w/Sendmail and STARTTLS.
> I would appreciate any suggestions or pointers.
If you're trying to use a client cert as the main authentication method,
I can't help you - I don't know if it's even supported, though the
provision for it is there (isn't that what EXTERNAL is meant for?).
If you simply want to require a valid client cert, set:
in your imapd.conf along, presumably, with
sasl_mech_list: PLAIN <--- this may differ in your setup
sasl_pwcheck_method: saslauthd <--- this may differ in your setup
My users must still authenticate with a password, but cyrus won't even
let anybody without a client cert authenticate - which, for my purposes,
is the desired result.
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus