I'm working on a webmail system using client certificates for authentication.

I have Cyrus IMAP working fine with Cyrus SASL and "AUTH=EXTERNAL" after negotiating TLS... the IMAP daemon authenticates the user properly.

However, it chooses the CN from the client cert as the authentication identity. With a bit of hacking to imap/tls.c I was able to convince it to use the "email address" instead, but I'd rather not keep it this way...

I'll be happy to post a patch that allows for imapd.conf selection of whether to use the CN or email address as the identity when AUTH=EXTERNAL is used, but I'd like some input on what the configuration option should be called, and whether it should be a boolean or a multiple-choice option.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html