dovecot - Jul 2009 - Client Cert Auth Problem

Hello,

is there a config possible which supports both of following
authentication schemes ?

1st: If user presents a client certificate, he can log in w/o
username/password, where user id comes from CN. Accepting any password
is not the right solution.

2nd: If user does not present a client certificate, he have to
authenticate by username/password.

In both cases user data is read from userdb LDAP, which is already
working. I was not able to get both auth schemes working at same time.
With Postfix such a config is fully operable.

regards
Christian

On Sat, 2009-07-18 at 00:12 +0200, Christian Felsing
wrote:
> is there a config possible which supports both of following
> authentication schemes ?
> 
> 1st: If user presents a client certificate, he can log in w/o
> username/password, where user id comes from CN. Accepting any password
> is not the right solution.
What do you mean by the last sentence? Do you expect there to be a
difference between logging in without a password or with any password?
> 2nd: If user does not present a client certificate, he have to
> authenticate by username/password.
%k variable contains "valid" if client had sent a valid SSL cert. With
checkpassword or sql passdb that should be enough, I think. With LDAP
passdb you'd have to do something ugly.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090803/39f877f5/attachment-0002.bin>