Re: Client authentication via client certificate on ssl/tls

From: Ken Murchison (no email)
Date: Fri Jul 02 2004 - 07:52:44 EDT

Next message: Simon Matter: "Re: Vanishing quota information"
Previous message: Pascal Gienger: "Client authentication via client certificate on ssl/tls"
Maybe in reply to: Pascal Gienger: "Client authentication via client certificate on ssl/tls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Pascal Gienger wrote:

> Hi,
>
> does anybody on the list already had the idea to use an information of a
> client certificate for authentication in IMAPD?

This is exactly what the EXTERNAL SASL mechanism is designed for and is
available in Cyrus. If the client presents a TLS client cert, Cyrus
will make the EXTERNAL mechanism available, which essentially means "use
the credentials presented outside of SASL". Whether any mainstream
clients have support for EXTERNAL, I don't know.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Next message: Simon Matter: "Re: Vanishing quota information"
Previous message: Pascal Gienger: "Client authentication via client certificate on ssl/tls"
Maybe in reply to: Pascal Gienger: "Client authentication via client certificate on ssl/tls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs