Hello,

is there a config possible which supports both of the following authentication schemes?

1st: If user presents a client certificate, he can log in w/o username/password, where user id comes from CN. Accepting any password is not the right solution.

2nd: If user does not present a client certificate, he has to authenticate by username/password.

In both cases user data is read from userdb LDAP, which is already working. I was not able to get both auth schemes working at the same time. With Postfix such a config is fully operable.

regards
Christian
On Sat, 2009-07-18 at 00:12 +0200, Christian Felsing wrote:
> is there a config possible which supports both of the following
> authentication schemes?
>
> 1st: If user presents a client certificate, he can log in w/o
> username/password, where user id comes from CN. Accepting any password
> is not the right solution.

What do you mean by the last sentence? Do you expect there to be a difference between logging in without a password or with any password?

> 2nd: If user does not present a client certificate, he has to
> authenticate by username/password.

%k variable contains "valid" if client had sent a valid SSL cert. With checkpassword or sql passdb that should be enough, I think. With LDAP passdb you'd have to do something ugly.