Re: ssl client certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Wesley,
thanks for the information. I managed to find the code in tls.c and
imapd.c and it seems as if it you were right :) which is good news!
but it's bad news that we use the UID attribute for the "username", and
CN for the actual name (like Johannes Russek in my case). :/
it also doesn't seem to be configurable (yet), so i might check if i can
hack tls.c for that. (would anyone else think this is a good idea? e.g.
to specify the attribute that contains the username/userid used for
cyrus mailstore?
thanks!
johannes


Am Dienstag, den 09.09.2008, 14:03 -0400 schrieb Wesley Craig:
> I haven't tried it, but it's certainly meant to.  The name of the  
> user should be in the CN attribute of the subject certificate.
> 
> :wes
> 
> On 09 Sep 2008, at 08:58, Johannes Rußek wrote:
> > so cyrus does support ssl client certificates (otherwise there  
> > wouldn't
> > be errors such as "TLS server engine: No CA file
> > specified. Client side certs may not work"), but can i use client  
> > certs
> > as a replacement to username/password logins? e.g. use the cert to map
> > the x509 subject to the username of the user?
-- 
****************************************************************************
Please vote for WinRAR at the ESWC Epsilon Award 2008.
To vote, go to
https://digiumenterprise.com/answer/?sid=234683&chk=UG3B5W7X
****************************************************************************
****************************************************************************

Best Regards,

Johannes Rußek
Linux/UNIX Administration

win.rar GmbH
Schumannstr. 17
10117 Berlin
Germany

www.win-rar.com    (website)
russek@xxxxxxxxxxx (e-mail)

+49 30 28886758  (tel Zentrale)
+49 30 28884514 (fax)

****************************************************************************
win.rar GmbH Berlin                           |    HR B-Nr. 109885 B
Management: Öncül Kaya, Burak Canboy          |    Amtsgericht Charlottenburg
****************************************************************************

Attachment: smime.p7s
Description: S/MIME cryptographic signature

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux