Disable client authentication with certificates
Wolfgang Breyha
wbreyha at gmx.net
Tue Dec 10 05:49:12 EST 2013
Stefan Gofferje wrote, on 10.12.2013 08:17:
> There are options?
>
> tls_require_cert: false
> tls_imap_require_cert: false
> tls_pop3_require_cert: false
> tls_lmtp_require_cert: false
> tls_sieve_require_cert: false
>
> Why ask for a cert when the config says it's not needed? Or do I see
> this too naive?
cyrus distinguishes between asking for a cert and requiring a cert. I don't
know why, sorry. Sometimes it is practical to ask for a cert and only try to
verify it without enforcing it. But asking for certs while incapable to verify
them (without CAs) seems odd. That's why I decided to do it that way.
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha at gmx.net> | http://www.blafasel.at/
Vienna University Computer Center | Austria
More information about the Info-cyrus
mailing list