ssl client certificates

Johannes Rußek russek at win-rar.com
Wed Sep 10 07:48:22 EDT 2008


Hello Wesley,
thanks for the information. I managed to find the code in tls.c and
imapd.c and it seems as if it you were right :) which is good news!
but it's bad news that we use the UID attribute for the "username", and
CN for the actual name (like Johannes Russek in my case). :/
it also doesn't seem to be configurable (yet), so i might check if i can
hack tls.c for that. (would anyone else think this is a good idea? e.g.
to specify the attribute that contains the username/userid used for
cyrus mailstore?
thanks!
johannes


Am Dienstag, den 09.09.2008, 14:03 -0400 schrieb Wesley Craig:
> I haven't tried it, but it's certainly meant to.  The name of the  
> user should be in the CN attribute of the subject certificate.
> 
> :wes
> 
> On 09 Sep 2008, at 08:58, Johannes Rußek wrote:
> > so cyrus does support ssl client certificates (otherwise there  
> > wouldn't
> > be errors such as "TLS server engine: No CA file
> > specified. Client side certs may not work"), but can i use client  
> > certs
> > as a replacement to username/password logins? e.g. use the cert to map
> > the x509 subject to the username of the user?
-- 
****************************************************************************
Please vote for WinRAR at the ESWC Epsilon Award 2008.
To vote, go to
https://digiumenterprise.com/answer/?sid=234683&chk=UG3B5W7X
****************************************************************************
****************************************************************************

Best Regards,

Johannes Rußek
Linux/UNIX Administration

win.rar GmbH
Schumannstr. 17
10117 Berlin
Germany

www.win-rar.com    (website)
russek at win-rar.com (e-mail)

+49 30 28886758  (tel Zentrale)
+49 30 28884514 (fax)

****************************************************************************
win.rar GmbH Berlin                           |    HR B-Nr. 109885 B
Management: Öncül Kaya, Burak Canboy          |    Amtsgericht Charlottenburg
****************************************************************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2616 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080910/d41e081f/attachment.bin 


More information about the Info-cyrus mailing list