cyradm cannot connect to cyrus imap server
Willy Offermans
Willy at Offermans.Rompen.nl
Fri Feb 21 10:33:03 EST 2014
Hello Dan,
On Fri, Feb 21, 2014 at 09:22:55AM -0600, Dan White wrote:
> On 02/21/14 16:11 +0100, Willy Offermans wrote:
> >You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand
> >this mechanism yet. At the moment I believe I have PLAIN password wrapped
> >into TLS. So I already do starttls client authentication. What will EXTERNAL
> >do?
>
> TLS client authentication is a scenario where you perform TLS
> authentication where the client also has a certificate. The server can
> then use the contents of the client certificate to derive the username
> (with no password, per se). For example, 'cyradm --tlskey <file>'.
>
> The EXTERNAL mechanism should not be offered unless TLS client
> authentication was successful during the starttls step.
>
> --
> Dan White
This sounds interesting. I thought that <TLSVerifyClient demand> in
slapd.conf was forcing this behavior. I like to read more about the
EXTERNAL mechanism. Do you recommend some reading?
At the moment I will stick to PLAIN and play with replication, serving
multiple domains etc.
--
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,
Wiel
*************************************
W.K. Offermans
Home: +31 45 544 49 44
Mobile: +31 681 15 87 68
e-mail: Willy at Offermans.Rompen.nl
More information about the Info-cyrus
mailing list