"JARRY Jérémy"
2012-Aug-16 08:41 UTC
[Dovecot] Postfix & Dovecot: Client certificate authentication
Hello,
I would like to set up authentication using a certificate with Dovecot: a user
sends mail to Postfix and Dovecot authentication is valid only if the certificate is
trusted.
So, I enable the parameter auth_ssl_require_client_cert in the Dovecot configuration
but it is not running. Here are the postfix logs:
Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory:
/usr/lib64/dovecot/auth
Aug 16 09:51:48 myserver dovecot: auth: Debug: Module loaded:
/usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 16 09:51:48 myserver dovecot: auth: Debug: auth client connected (pid=6922)
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH 1
PLAIN service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 secured
resp=xxx
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning:
localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed: Client
didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: PLAIN(?,127.0.0.1): Client didn't
present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL 1
reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH 2
LOGIN service=smtp nologin lip=127.0.0.1 rip=127.0.0.1 secured
Aug 16 09:51:51 myserver dovecot: auth: LOGIN(?,127.0.0.1): Client didn't
present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL 2
reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning:
localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Client
didn't present valid SSL certificate
It seems Postfix doesn't send the client certificate to Dovecot. What do you
think? What is wrong?
Below is some information about my configuration:
OS: RHEL5
Postfix: 2.7.3
Dovecot: 2.0.14
Dovecot config:
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_verbose = yes
mail_debug = yes
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocols = none
service auth {
  unix_listener /data/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl = required
ssl_ca = </etc/dovecot/ca.pem
ssl_cert = </etc/dovecot/cert.pem
ssl_key = </etc/dovecot/key.pem
ssl_verify_client_cert = yes
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_ssl = yes
Thanks for your help
Timo Sirainen
2012-Aug-16 08:54 UTC
[Dovecot] Postfix & Dovecot: Client certificate authentication
On 16.8.2012, at 11.41, JARRY Jérémy wrote:
> I would like to set up an authentication using certificate with Dovecot: A user sends mail to Postfix and Dovecot authentication is valid only if certificate is trusted.
>
> So, I enable the parameter auth_ssl_require_client_cert in dovecot configuration but it is not running. Here are the postfix logs:
..
> Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate
>
> It seems Postfix doesn't send the client certificate to Dovecot. What do you think? What is wrong?

Correct. Postfix doesn't send it to Dovecot, so you can't do this currently. I'm not sure if this would require about 2 lines of code or hundreds to Postfix.
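Added example (not part of the thread and not Dovecot or Postfix code): a small Python parser for the AUTH request lines in the auth debug log quoted above, listing the requests that arrive without a client-certificate flag. It assumes the fields are tab-separated and that an auth client which has verified a TLS client certificate adds the `valid-client-cert` flag defined by Dovecot's auth protocol; the third sample line is constructed for contrast.

```python
import re

# The first two lines are the AUTH requests from the thread's log (tab
# separators assumed); the third is constructed to show a request from an
# auth client that does forward the valid-client-cert flag.
SAMPLE_LOG = """\
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH\t1\tPLAIN\tservice=smtp\tnologin\tlip=127.0.0.1\trip=127.0.0.1\tsecured\tresp=xxx
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH\t2\tLOGIN\tservice=smtp\tnologin\tlip=127.0.0.1\trip=127.0.0.1\tsecured
Aug 16 09:52:10 myserver dovecot: auth: Debug: client in: AUTH\t1\tPLAIN\tservice=imap\tsecured\tvalid-client-cert\tlip=192.0.2.1\trip=192.0.2.7\tresp=xxx
"""

AUTH_RE = re.compile(r"auth: Debug: client in: AUTH\s+(.*)$")


def parse_auth_request(line):
    """Return a dict for one AUTH request line, or None for any other line."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    fields = m.group(1).split()
    if len(fields) < 2:
        return None
    req = {"id": fields[0], "mech": fields[1], "flags": set(), "params": {}}
    for field in fields[2:]:
        key, sep, value = field.partition("=")
        if sep:
            req["params"][key] = value   # key=value parameter, e.g. service=smtp
        else:
            req["flags"].add(key)        # bare flag, e.g. secured, nologin
    return req


def requests_missing_client_cert(log_text):
    """List (id, mechanism, service) for AUTH requests lacking valid-client-cert."""
    missing = []
    for line in log_text.splitlines():
        req = parse_auth_request(line)
        if req and "valid-client-cert" not in req["flags"]:
            missing.append((req["id"], req["mech"], req["params"].get("service")))
    return missing


if __name__ == "__main__":
    for rid, mech, service in requests_missing_client_cert(SAMPLE_LOG):
        print(f"AUTH {rid} {mech} service={service}: 'secured' may be set, but no "
              "valid-client-cert flag, so auth_ssl_require_client_cert = yes fails it")
```

Both `service=smtp` requests carry `secured` but not `valid-client-cert`, which matches the "Client didn't present valid SSL certificate" failures in the log.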