Hello Dan,

On Fri, Feb 21, 2014 at 09:22:55AM -0600, Dan White wrote:
> On 02/21/14 16:11 +0100, Willy Offermans wrote:
> >You are pointing to EXTERNAL, next to PLAIN and LOGIN. I do not understand
> >this mechanism yet. At the moment I believe I have PLAIN password wrapped
> >into TLS. So I already do starttls client authentication. What will EXTERNAL
> >do?
>
> TLS client authentication is a scenario where you perform TLS
> authentication where the client also has a certificate. The server can
> then use the contents of the client certificate to derive the username
> (with no password, per se). For example, 'cyradm --tlskey <file>'.
>
> The EXTERNAL mechanism should not be offered unless TLS client
> authentication was successful during the starttls step.
>
> --
> Dan White

This sounds interesting. I thought that <TLSVerifyClient demand> in
slapd.conf was forcing this behavior. I would like to read more about the
EXTERNAL mechanism. Do you recommend some reading?

At the moment I will stick to PLAIN and play with replication, serving
multiple domains etc.

--
Met vriendelijke groeten,
With kind regards,
Mit freundlichen Gruessen,
De jrus wah,

Wiel

*************************************
 W.K. Offermans
 Home:   +31 45 544 49 44
 Mobile: +31 681 15 87 68
 e-mail: Willy@xxxxxxxxxxxxxxxxxxx
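
The server-side behaviour of EXTERNAL described in the quoted reply, as an added sketch that is not part of the original message and is not Cyrus code. The `TlsSession` type, the use of the certificate CN as the username, and the policy of offering PLAIN/LOGIN only under TLS are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TlsSession:
    """Hypothetical view of what the TLS layer hands to the SASL layer."""
    active: bool = False                  # STARTTLS completed
    client_cert_verified: bool = False    # client presented a cert that chained to a trusted CA
    client_cert_cn: Optional[str] = None  # subject CN of that cert (assumed username source)


def offered_mechanisms(tls: TlsSession) -> List[str]:
    """Mechanisms the server advertises for the current connection state."""
    mechs: List[str] = []
    if tls.active:
        # Assumed policy: plaintext mechanisms only inside the TLS tunnel.
        mechs += ["PLAIN", "LOGIN"]
        # EXTERNAL is advertised only after successful TLS client authentication.
        if tls.client_cert_verified and tls.client_cert_cn:
            mechs.append("EXTERNAL")
    return mechs


def authenticate_external(tls: TlsSession, authzid: str = "") -> str:
    """Handle AUTHENTICATE EXTERNAL: no password, identity comes from the cert.

    The client's initial response carries an optional authorization identity;
    an empty one means "use the identity from my external credentials".
    """
    if "EXTERNAL" not in offered_mechanisms(tls):
        raise PermissionError("EXTERNAL unavailable: no verified client certificate")
    authid = tls.client_cert_cn
    # A certificate for one user must not be usable to act as another user.
    # (A real server could permit this for configured proxy/admin identities.)
    if authzid and authzid != authid:
        raise PermissionError(f"{authid!r} may not authorize as {authzid!r}")
    return authid


if __name__ == "__main__":
    # Constructed sessions: password-only TLS vs. TLS with a verified client cert.
    password_only = TlsSession(active=True)
    with_cert = TlsSession(active=True, client_cert_verified=True, client_cert_cn="willy")
    print(offered_mechanisms(password_only))
    print(offered_mechanisms(with_cert), authenticate_external(with_cert))
```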