ssl client certificates

Johannes Rußek russek at
Wed Sep 10 07:48:22 EDT 2008

Hello Wesley,
thanks for the information. I managed to find the code in tls.c and
imapd.c and it seems as if it you were right :) which is good news!
but it's bad news that we use the UID attribute for the "username", and
CN for the actual name (like Johannes Russek in my case). :/
it also doesn't seem to be configurable (yet), so i might check if i can
hack tls.c for that. (would anyone else think this is a good idea? e.g.
to specify the attribute that contains the username/userid used for
cyrus mailstore?

Am Dienstag, den 09.09.2008, 14:03 -0400 schrieb Wesley Craig:
> I haven't tried it, but it's certainly meant to.  The name of the  
> user should be in the CN attribute of the subject certificate.
> :wes
> On 09 Sep 2008, at 08:58, Johannes Rußek wrote:
> > so cyrus does support ssl client certificates (otherwise there  
> > wouldn't
> > be errors such as "TLS server engine: No CA file
> > specified. Client side certs may not work"), but can i use client  
> > certs
> > as a replacement to username/password logins? e.g. use the cert to map
> > the x509 subject to the username of the user?
Please vote for WinRAR at the ESWC Epsilon Award 2008.
To vote, go to

Best Regards,

Johannes Rußek
Linux/UNIX Administration

win.rar GmbH
Schumannstr. 17
10117 Berlin
Germany    (website)
russek at (e-mail)

+49 30 28886758  (tel Zentrale)
+49 30 28884514 (fax)

win.rar GmbH Berlin                           |    HR B-Nr. 109885 B
Management: Öncül Kaya, Burak Canboy          |    Amtsgericht Charlottenburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2616 bytes
Desc: not available
Url : 

More information about the Info-cyrus mailing list