From: Simon Josefsson (no email)
Date: Fri May 28 2004 - 04:56:24 EDT
Rob Siemborski <> writes:
> On Thu, 27 May 2004, Simon Josefsson wrote:
>
>> Hello. Is it possible to get client authenticated STARTTLS working
>> with Cyrus IMAPD, without a password login?
>>
>> I'm assuming EXTERNAL would be used for this, so here is what I put in
>> imapd.conf:
>>
>> sasl_mech_list: PLAIN CRAM-MD5 DIGEST-MD5 EXTERNAL
>
> Yes, it can, provided you authenticate with a proper trusted client
> cert
Great, I was mostly looking for confirmation that it was intended to
work. IMHO, there should be an attribute in the certificate that
convey SASL authentication/authorization identities; deriving it from
the CN is ugly.
Thanks,
Simon
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|