On Wed, 2010-04-28 at 19:12 +0200, Fabrice MATHIEU wrote:
> That's normal. But 127.0.0.1 client(network) is considered by dovecot
> as secure, so won't the auth be possible without certificate?

It's considered secure against man-in-the-middle attacks, but requiring SSL cert is more about authentication. I know in some setups people don't use passwords at all, only the SSL cert. So if I did this change, in such setups localhost could log in as any user, which is clearly pretty bad.

> Can't we make two auth policies to make secure (client crt require) for
> public IP/client and less "secure" (without crt client) for local
> process (postfix) and local network (127.0.0.1) for roundcube?

Only way I can think of is to run two Dovecots, one listening for localhost and another listening for external IP, both using different config files.

> I see section "auth default { ... }" and is used by ... default ! But
> can we make another one to make this two particular authentication on
> the same "instance"?

auth sections won't help. v2.0 makes this almost possible, it just doesn't yet have per-IP settings support for auth settings.
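
The two-instance setup suggested in the reply above, sketched as an added example (not part of the original message and not from the Dovecot project). It assumes Dovecot 1.2-style configuration syntax; every file path and the external address 192.0.2.10 are placeholders.

```conf
# ---- /etc/dovecot/dovecot-external.conf (placeholder path) ----
# Public instance: a valid client certificate is required to authenticate.
base_dir = /var/run/dovecot-external/
login_dir = /var/run/dovecot-external/login
# Placeholder external address
listen = 192.0.2.10
protocols = imaps
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
# CA that signs the client certificates (placeholder path)
ssl_ca_file = /etc/ssl/certs/client-ca.pem
ssl_verify_client_cert = yes
auth default {
  ssl_require_client_cert = yes
  # mechanisms, passdb and userdb as in the existing configuration
}

# ---- /etc/dovecot/dovecot-local.conf (placeholder path) ----
# Local instance for webmail and local processes on this host:
# no client certificate, so the password check is the only authentication.
# Each instance needs its own base_dir and login_dir.
base_dir = /var/run/dovecot-local/
login_dir = /var/run/dovecot-local/login
listen = 127.0.0.1
protocols = imap
ssl_verify_client_cert = no
auth default {
  ssl_require_client_cert = no
  # mechanisms, passdb and userdb as in the existing configuration.
  # The passdb here must verify a real password: in a certificate-only
  # setup without passwords, this instance would let any local process
  # log in as any user, which is the risk described in the reply.
}

# Start each instance with its own config file:
#   dovecot -c /etc/dovecot/dovecot-external.conf
#   dovecot -c /etc/dovecot/dovecot-local.conf
```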