On 353, 12 18, 2008 at 01:13:27PM +0100, Thomas Siebert wrote: > What you really want is the "AUTH EXTERNAL" authentication mechanism. This > would authenticate your users based on the used certificate. Unfortunately, > this mechanism is not supported in dovecot as well as in most clients. > Courier supports it since some months if you really need it.
What widespread mail clients support EXTERNAL ? BTW it's trivial to implement it dovecot if there is a real demand. > There's no way in dovecot to use no password, but there's one to use any > password: Your password database has to return the field "nopassword", value > 1. But you should consider that this means that your users can impersonate > any other user on your mailserver as the SSL certificate here only controls > access, but not identity. That's not true. Look at ssl_username_from_cert and ssl_cert_username_field configuration parameters. > > -----Original Message----- > > From: dovecot-bounces+siebert+lists=et.rub...@dovecot.org > > [mailto:dovecot-bounces+siebert+lists=et.rub...@dovecot.org] On Behalf > > Of Anthony Davies > > Sent: Thursday, December 18, 2008 12:27 AM > > To: dovecot@dovecot.org > > Subject: [Dovecot] SSL Certificate Authentication > > > > Hi Guys, > > > > I am using the SSL Client Certificate authentication method for my > > Dovecot instance, however rather then just requiring the client > > certificate it also prompts me for my user password. > > > > My certificate was securely generated on a smart card and is passphrase > > protected so I would like to stop having to enter my certificate > > passphrase and my user password to collect my mail. Where abouts in the > > config file can I resolve this issue? > > > > Cheers, > > > > Tony Davies > > >