Evan Martin
2017-Oct-06 16:11 UTC
How to require client SSL certificate, except for local connections
Is there any way to make Dovecot 2.2.22 not require a client SSL
certificate for a local IMAP connection, but require it for any remote
IMAP connection?
My server is configured to require client certificates:
ssl = required
...
auth_ssl_require_client_cert = yes
I tried adding the following to create an exception for localhost:
remote 127.0.0.1 {
? ssl = no
? auth_ssl_require_client_cert = no
? disable_plaintext_auth = no
}
But Dovecot fails to start with: doveconf: Fatal: Error in configuration
file /etc/dovecot/dovecot.conf line 81: Auth settings not supported
inside local/remote blocks:
Is there any other way to do this? I don't need to override any other
auth settings, just that one. I could probably use a Unix socket, if
that would help.
Thanks,
Evan
Possibly Parallel Threads
- Problem with requiring client certificates for external connections
- Disable Client Certificate Authentication for Unencrypted Connections?
- proxying, SSL, and client certificate
- imap-login hangs after receiving revoked SSL certificate
- IMAPS: Disable SSL connection without client certificate
Wisdom of the Ancients
