When authenticating to Postfix with a client certificate, is it currently possible to make Postfix match any of the client certificate subject attributes (e.g. emailaddress) against the user to be authenticated through SMTP authentication mechanisms?
As an example, if I present a client certificate with the following subject DN "CN=John Doe, [email protected]" but I authenticate through SMTP with a user named "jane", the authentication would fail. This would help to enforce that users authenticating through mutual SSL will actually require *a valid certificate issued specifically for them* instead of being able to use a certificate issued for anyone else in the organization.

PS: For a similar approach see the directive TLS_EXTERNAL in http://www.courier-mta.org/imap/INSTALL.html#sslcert.

--
Jaime Hablutzel - RPC 994690880
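The binding check described in the message above, as an added Python illustration that is not part of the original post and is not Postfix configuration or code. It assumes the subject DN arrives as an RFC 4514-style string from a TLS layer that has already validated the certificate chain; `split_dn`, `cert_matches_user` and `mail_domain` are hypothetical names, and the sample DNs used with it are constructed.

```python
# Added illustration: names are hypothetical, not taken from Postfix.
EMAIL_TYPES = {"emailaddress", "e", "1.2.840.113549.1.9.1"}

def split_dn(dn):
    """Return (type, value) pairs from an RFC 4514-style DN string.

    A backslash escapes the next character, so 'CN=Doe\\, John' is one value.
    Quoted values and hex-pair escapes are not decoded (assumed unused)."""
    pairs, cur, escaped = [], "", False
    for ch in dn + ",":                 # trailing sentinel flushes the last RDN
        if escaped:
            cur += ch
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in ",+":                # RDN separator or multi-valued RDN
            attr, sep, value = cur.partition("=")
            if not sep:
                raise ValueError("malformed RDN: %r" % cur)
            pairs.append((attr.strip().lower(), value.strip()))
            cur = ""
        else:
            cur += ch
    if cur:                             # sentinel was escaped: dangling backslash
        raise ValueError("dangling escape in DN")
    return pairs

def cert_matches_user(subject_dn, sasl_user, mail_domain):
    """True only if the DN holds exactly one e-mail address naming sasl_user.

    Every unclear case (parse error, no address, several addresses,
    foreign domain) is a mismatch, so the check fails closed."""
    try:
        emails = [v for t, v in split_dn(subject_dn) if t in EMAIL_TYPES]
    except ValueError:
        return False
    if len(emails) != 1:
        return False
    local, at, domain = emails[0].rpartition("@")
    if not at or not local:
        return False
    user = sasl_user.casefold()
    if "@" in user:                     # login name is a full address
        return user == emails[0].casefold()
    # Bare login name: the address must also be in the expected mail domain,
    # otherwise jane@other.example would satisfy user "jane".
    return domain.casefold() == mail_domain.casefold() and local.casefold() == user
```

Comparing against a parsed attribute rather than searching the DN text matters: a CN value can itself contain the text `emailAddress=...`, and only escape-aware splitting keeps it from being read as a second attribute.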
