Package: dovecot
Version: 1.0.5-1
Severity: wishlist

Hi there,

I have an (admittedly baroque) authentication mechanism for LDAP, with some users being system users and some being in LDAP, although in many possible trees. In order to handle this reasonably smoothly, I've written an auth helper script.

I am trying to transition to SSL-based auth for at least the system users, but I've found this to be impossible for now. There is currently a mechanism to fail authentication for users that present an invalid client cert, which is good, but too strong for my needs. I'd like to just allow verified clients to log in without sending a password if they have a working cert.

Ideally, I'd like to do this by checking an environment variable in the script (SSL_CLIENT_VERIFIED ?) and proceeding without an auth check. Admittedly, the client will still need to send something to proceed from the master to the auth process, but I could at least get down to sending USER '' and PASS '', and just get the CN out of the cert.

Perhaps this is just a crazy idea, but it seems reasonable at the moment.

Thanks,

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-xen-amd64
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)