On Thu, 17 Feb 2005, Edward Rudd wrote:
On Wed, 16 Feb 2005 21:18:07 -0700, Kevin P. Fleming wrote:
[snip]
Any thoughts on how difficult it would be to get Cyrus IMAP to accept a client certificate, validate it and automatically "log in" the user once that is done? I'll happily contribute the code back to CMU if I get it working, but I though I'd ask the gurus for their opinions before I tried to tackle it :-)
SASL/EXTERNAL is what you want although I have to not tried it. OpenLDAP works great. In theory, the CN part of the client certitificate subject needs to be a valid mailbox. You can test this with imtest -t client_cert_file -m EXTERNAL .... I assume that you have SSL/TLS working.
Your bigger issue is to find a client that supports SASL/EXTERNAL. I do not believe c-client library (this is what drives IMP/Horde via PHP) supports SASL/EXTERNAL, so this is what you need to start hacking.
-- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
