Disable client authentication with certificates

Wolfgang Breyha wbreyha at gmx.net
Tue Dec 10 05:49:12 EST 2013


Stefan Gofferje wrote, on 10.12.2013 08:17:
> There are options?
> 
> tls_require_cert: false
> tls_imap_require_cert: false
> tls_pop3_require_cert: false
> tls_lmtp_require_cert: false
> tls_sieve_require_cert: false
> 
> Why ask for a cert when the config says it's not needed? Or do I see
> this too naive?

cyrus distinguishes between asking for a cert and requiring a cert. I don't
know why, sorry. Sometimes it is practical to ask for a cert and only try to
verify it without enforcing it. But asking for certs while incapable to verify
them (without CAs) seems odd. That's why I decided to do it that way.

Greetings, Wolfgang
-- 
Wolfgang Breyha <wbreyha at gmx.net> | http://www.blafasel.at/
Vienna University Computer Center | Austria



More information about the Info-cyrus mailing list