Hello,

I would like to set up authentication using a certificate with Dovecot: a user 
sends mail to Postfix, and Dovecot authentication is valid only if the 
certificate is trusted.

So I enabled the parameter auth_ssl_require_client_cert in the Dovecot 
configuration, but it is not working. Here are the Postfix logs:

Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Aug 16 09:51:48 myserver dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Aug 16 09:51:48 myserver dovecot: auth: Debug: auth client connected (pid=6922)
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH       1       PLAIN   service=smtp    nologin lip=127.0.0.1   rip=127.0.0.1       secured resp=xxx
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed: Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: PLAIN(?,127.0.0.1): Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL      1       reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH       2       LOGIN   service=smtp    nologin lip=127.0.0.1   rip=127.0.0.1       secured
Aug 16 09:51:51 myserver dovecot: auth: LOGIN(?,127.0.0.1): Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL      2       reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver postfix/smtpd[6922]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate

It seems Postfix doesn't send the client certificate to Dovecot. What do you 
think? What is wrong?

Below is some information about my configuration:
OS: RHEL5

Postfix: 2.7.3

Dovecot: 2.0.14


Dovecot config:
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_ssl_require_client_cert = yes
auth_ssl_username_from_cert = yes
auth_verbose = yes
mail_debug = yes
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocols = none
service auth {
  unix_listener /data/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl = required
ssl_ca = </etc/dovecot/ca.pem
ssl_cert = </etc/dovecot/cert.pem
ssl_key = </etc/dovecot/key.pem
ssl_verify_client_cert = yes
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_ssl = yes

Thanks for your help
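
The following is an added example, not part of the original post: a small Python parser for the `auth: Debug: client in/out` lines above that lists which TLS-related parameters each AUTH request actually carried. The parameter names `valid-client-cert` and `cert_username` are taken from the Dovecot auth protocol documentation, not from this message; the sample input is the poster's own log lines, unwrapped.

```python
import re

# Sample input: the AUTH/FAIL debug lines from the post above, unwrapped.
SAMPLE_LOG = """\
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH       1       PLAIN   service=smtp    nologin lip=127.0.0.1   rip=127.0.0.1       secured resp=xxx
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL      1       reason=Client didn't present valid SSL certificate
Aug 16 09:51:51 myserver dovecot: auth: Debug: client in: AUTH       2       LOGIN   service=smtp    nologin lip=127.0.0.1   rip=127.0.0.1       secured
Aug 16 09:51:51 myserver dovecot: auth: Debug: client out: FAIL      2       reason=Client didn't present valid SSL certificate
"""

AUTH_RE = re.compile(r"client in: AUTH\s+(\d+)\s+(\S+)\s*(.*)$")
FAIL_RE = re.compile(r"client out: FAIL\s+(\d+)\s+(.*)$")

def parse_auth_requests(log_text):
    """Return {request_id: {...}} for each AUTH request in the log.
    Assumption: one auth client connection, so request ids do not repeat."""
    requests = {}
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            req_id, mech, rest = m.groups()
            params = {}
            for token in rest.split():          # fields are tab/space separated
                key, _, value = token.partition("=")
                params[key] = value              # bare flags get an empty value
            requests[req_id] = {"mech": mech, "params": params, "fail_reason": None}
            continue
        m = FAIL_RE.search(line)
        if m and m.group(1) in requests:
            reason = m.group(2).partition("reason=")[2].strip()
            requests[m.group(1)]["fail_reason"] = reason or None
    return requests

def cert_fields_report(requests):
    """Summarise, per request, the TLS-related parameters the auth client sent."""
    report = []
    for req_id, req in sorted(requests.items(), key=lambda kv: int(kv[0])):
        p = req["params"]
        report.append({
            "id": req_id, "mech": req["mech"],
            "secured": "secured" in p,
            "valid_client_cert": "valid-client-cert" in p,
            "cert_username": p.get("cert_username"),
            "fail_reason": req["fail_reason"],
        })
    return report

if __name__ == "__main__":
    for row in cert_fields_report(parse_auth_requests(SAMPLE_LOG)):
        print(row)
```

On the lines in this post, both requests carry `secured` but neither carries `valid-client-cert` or `cert_username`, which matches the failure reason Dovecot logs.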
