Florian Mickler writes:
Hi Sam,I think I can follow your logic and this looks good. I can test your patch tonight if necessary.Thanks for your quick response. I think this fixes my usecase nicely.BTW on another note: is it possible to set courier up so that it just ignores / acks any auth request if ssl clientcert matches a certain fingerprint? (Or chain verification with TLS_EXTERNAL Subject checks out?)How much effort would it be to implement that?
I am not sure what you mean by that. A client has to request EXTERNAL. If the client provides a certificate, but does not request EXTERNAL, nothing stops the client from loginning in with an id and a password, normally. If the client request EXTERNAL, the certificate is validly signed, but its email or the appropriate field is not found in the authentication database, the EXTERNAL login fails.
pgpKF3W9PgfX_.pgp
Description: PGP signature
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
