Disable client authentication with certificates

Stefan Gofferje lists at home.gofferje.net
Tue Dec 3 07:29:07 EST 2013


I have a Cyrus IMAP and Postfix running. Some time ago, I configured
them for TLS and recently, I started to use also Thunderbird on those
and Thunderbird is asking me on startup which certificate to use for
identification for IMAP. Is there a way to tell Cyrus to *not* request
the client certificates at all?

Config attached.


 (o_   Stefan Gofferje            | SCLT, MCP, CCSA
 //\   Reg'd Linux User #247167   | VCP #2263
 V_/_  Heckler & Koch - the original point and click interface

-------------- next part --------------
rfc_ignore_8bit: on
configdirectory: /var/lib/imap
#artition-default: /var/spool/imap
partition-default: /server/imap
sievedir: /var/lib/sieve
admins: cyrus nobody
lmtp_admins: cyrus nobody
allowanonymouslogin: no
autocreatequota: 10000
#reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: auxprop
auxprop_plugin: sasldb
postuser: shared
allowplaintext: yes

lmtp_overquota_perm_failure: no
lmtpsocket: /var/spool/postfix/public/lmtp
# if you want TLS, you have to generate certificates and keys
tls_cert_file: /etc/apache2/x.x.x.pem
tls_key_file: /etc/apache2/x.x.x.pem
tls_ca_file: /etc/apache2/ca-certs.pem
#tls_ca_path: /usr/ssl/CA
tls_require_cert: false
tls_imap_require_cert: false
tls_pop3_require_cert: false
tls_lmtp_require_cert: false
tls_sieve_require_cert: false
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4079 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20131203/ff5b69fc/attachment.bin 

More information about the Info-cyrus mailing list