Authenticate Clients via TLS client cert


Bernd Wurst
Hello,

I'm struggling with the question if it is possible to authenticate
clients (optionally) with a client certificate. I found some docs about
dovecot implementing this [1] and was wondering if courier (SMTP) could
also be used with this?

I could not find something about it in the docs.


The desired use would be that we operate a local CA and issue
certificates that contain a user name (e-mail-address) as common name
and courier authenticates this certificate as the given user, so that
logging and processing will continue to have the sender's data.

[1]: "Client certificate verification/authentication", half way down at
https://wiki.dovecot.org/SSL/DovecotConfiguration


regards,
Bernd



_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users


Re: Authenticate Clients via TLS client cert

Sam Varshavchik
Bernd Wurst writes:

> Hello,
>
> I'm struggling with the question if it is possible to authenticate
> clients (optionally) with a client certificate. I found some docs about
> dovecot implementing this [1] and was wondering if courier (SMTP) could
> also be used with this?
>
> I could not find something about it in the docs.
>
>
> The desired use would be that we operate a local CA and issue
> certificates that contain a user name (e-mail-address) as common name
> and courier authenticates this certificate as the given user, so that
> logging and processing will continue to have the sender's data.
>
> [1]: "Client certificate verification/authentication", half way down at
> https://wiki.dovecot.org/SSL/DovecotConfiguration

http://www.courier-mta.org/install.html#sslcert

Also described further in the esmtpd-ssl configuration file, under  
TLS_EXTERNAL.

For this to work, the certificate subject needs to specify whatever would be  
used for the login ID when authenticating manually.
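
The certificate side of what this reply describes, as an added example that is not part of the original thread or of Courier's documentation: a throwaway local CA issues a client certificate whose subject carries the login ID, then the chain and the subject fields are checked with openssl. The CA name, organization and user@example.com are constructed values; see the TLS_EXTERNAL section the reply points to for which subject field the server uses.

```shell
#!/bin/sh
# Added illustration: local CA plus a client certificate whose subject
# carries the login ID. All names and addresses here are constructed.

LOGIN_ID="user@example.com"   # constructed login ID (the account's e-mail address)

# Create a self-signed CA certificate (ca.key, ca.crt) in directory $1.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example Org/CN=Example Local CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a client certificate for login ID $2, signed by the CA in directory $1.
# The login ID is placed in both commonName and emailAddress.
issue_client_cert() {
    openssl req -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$2/emailAddress=$2" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/client.crt" 2>/dev/null
}

# Succeed only if certificate $2 chains to the CA certificate $1.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print one subject attribute ($2: commonName or emailAddress) of certificate $1.
subject_field() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n "s/^ *$2 *= *//p"
}

# Demo run in a scratch directory (remove $WORK when done).
WORK=$(mktemp -d)
make_ca "$WORK" &&
    issue_client_cert "$WORK" "$LOGIN_ID" &&
    verify_chain "$WORK/ca.crt" "$WORK/client.crt" &&
    echo "chain OK, commonName:   $(subject_field "$WORK/client.crt" commonName)" &&
    echo "chain OK, emailAddress: $(subject_field "$WORK/client.crt" emailAddress)"
```

A certificate signed by any other CA fails `verify_chain`, which is the property that lets the server trust the subject as a login ID.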



Re: Authenticate Clients via TLS client cert

Bernd Wurst
Hello.

[sorry for sending this via private mail before. my fault.]


On 02.07.2017 at 23:06, Sam Varshavchik wrote:
> http://www.courier-mta.org/install.html#sslcert
> Also described further in the esmtpd-ssl configuration file, under
> TLS_EXTERNAL.
> For this to work, the certificate subject needs to specify whatever
> would be used for the login ID when authenticating manually.

Wow, perfect. I missed that completely.

Thank you for the pointer!

regards,
Bernd


