Rob Siemborski <[EMAIL PROTECTED]> writes: > On Thu, 27 May 2004, Simon Josefsson wrote: > >> Hello. Is it possible to get client authenticated STARTTLS working >> with Cyrus IMAPD, without a password login? >> >> I'm assuming EXTERNAL would be used for this, so here is what I put in >> imapd.conf: >> >> sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 EXTERNAL > > Yes, it can, provided you authenticate with a proper trusted client > cert
Great, I was mostly looking for confirmation that it was intended to work. IMHO, there should be an attribute in the certificate that convey SASL authentication/authorization identities; deriving it from the CN is ugly. Thanks, Simon --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
