Hi list,

I'm currently looking into ways of making use of client certificates. I want to force external clients (i.e. anything outside the local subnet) to use client certificates. It is my understanding that this in itself can be achieved with the "ssl_require_client_cert" setting.

However, I also want local clients (i.e. anything from a specific subnet) to be able to authenticate by the usual means (i.e. password-based). As far as I know dovecot is not able to operate on multiple ports, as stated in the FAQ [1]. The redirect approach, which is also mentioned there, is of no help to me, because in my case I would need a different setup on both ports. Other suggestions [2] won't work in my case either.

I probably could get away with using "imaps" for external clients, while using "imap" (without SSL) for internal ones. Having said this, I don't quite like the idea, especially since the traffic might pass through some potentially unsecure networks and I don't want to bother with VPN/SSH tunnels for that purpose. A native SSL/TLS solution would be very much appreciated.

Is there a (recommended) way to do this?

Thanks in advance.

Best regards,
Karol Babioch

[1]: http://wiki.dovecot.org/QuestionsAndAnswers#Is_it_possible_to_have_Dovecot_imap.2BAC8-pop_daemons_listening_on_multiple_ports.3F
[2]: http://www.dovecot.org/list/dovecot/2010-November/054804.html