Horde/IMP authentication to Cyrus via client certificates?

Igor Brezac igor at ipass.net
Thu Feb 17 22:07:09 EST 2005


On Thu, 17 Feb 2005, Edward Rudd wrote:

> On Wed, 16 Feb 2005 21:18:07 -0700, Kevin P. Fleming wrote:
>
> [snip]
>>
>> Any thoughts on how difficult it would be to get Cyrus IMAP to accept a
>> client certificate, validate it and automatically "log in" the user once
>> that is done? I'll happily contribute the code back to CMU if I get it
>> working, but I thought I'd ask the gurus for their opinions before I
>> tried to tackle it :-)
>

SASL/EXTERNAL is what you want, although I have not tried it.  OpenLDAP
works great.  In theory, the CN part of the client certificate subject
needs to be a valid mailbox.  You can test this with imtest -t
client_cert_file -m EXTERNAL ....  I assume that you have SSL/TLS working.

Your bigger issue is to find a client that supports SASL/EXTERNAL.  I do
not believe the c-client library (this is what drives IMP/Horde via PHP)
supports SASL/EXTERNAL, so this is what you need to start hacking.

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
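
Added example, not part of the original post and not Cyrus, Horde or c-client code: a Python sketch of a client that presents a TLS client certificate and then issues AUTHENTICATE EXTERNAL, together with the CN-to-userid mapping the reply describes "in theory". The function names, the userid pattern and the sample subject are assumptions made for illustration.

```python
import imaplib
import re
import ssl

# Assumption: a conservative userid pattern for this sketch, not Cyrus's own rule.
USERID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def cn_from_subject(subject):
    """Return the single CN from a subject in ssl.getpeercert() form.

    Raises ValueError when the CN is missing, repeated, or not a plausible
    userid, so an ambiguous certificate never maps to a mailbox.
    """
    cns = [value for rdn in subject for key, value in rdn if key == "commonName"]
    if len(cns) != 1:
        raise ValueError(f"expected exactly one CN, found {len(cns)}")
    if not USERID_RE.fullmatch(cns[0]):
        raise ValueError(f"CN {cns[0]!r} is not usable as a userid")
    return cns[0]


def external_authobject(authzid=""):
    """Build the imaplib callback for AUTHENTICATE EXTERNAL.

    An empty authzid asks the server to derive the identity from the TLS
    client certificate; imaplib base64-encodes the returned bytes.
    """
    def respond(_challenge):
        return authzid.encode("utf-8")
    return respond


def login_with_cert(host, certfile, keyfile, port=993):
    """Connect over TLS with a client certificate, then use SASL EXTERNAL."""
    ctx = ssl.create_default_context()  # keeps server certificate checks on
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    conn.authenticate("EXTERNAL", external_authobject())
    return conn


# Constructed sample subject, in the shape ssl.getpeercert()["subject"] returns.
SAMPLE_SUBJECT = (
    (("countryName", "US"),),
    (("organizationName", "Example Org"),),
    (("commonName", "jdoe"),),
)

if __name__ == "__main__":
    print(cn_from_subject(SAMPLE_SUBJECT))
```
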



