lst_ho...@kwsoft.de:
> Quoting Wietse Venema <wie...@porcupine.org>:
>
> > lst_ho...@kwsoft.de:
> >> Hello,
> >>
> >> we need to authenticate a SMTP client connection based on the CN of the
> >> (trusted) client certificate. The client is not under our control
> >> (O365 connector), so we will get no notification if the key
> >> fingerprint will change. As far as I can see Postfix is only able to
> >> use certificate fingerprints to allow relaying, not the CN string, no?
> >>
> >> Have I missed something or is this not considered a valid use case?
> >
> > CN-based access checks are not built into Postfix, but the CN is
> > available in the policy delegation protocol's ccert_subject attribute,
> > if the client certificate can be verified with PKI.
> >
> > There is a patch-in-progress (thread: TLS client certificates and
> > auth external) that provides the option to permit relaying based
> > on certificate info.
> >
> > Wietse
>
> Will this be available in the 3.5 experimental release or only later
> down the road for 3.6?

In the current (3.5) development cycle, if this can be done safely.

Wietse
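Added example, not part of the original thread and not Postfix code: a policy delegation service that answers OK only when the ccert_subject attribute discussed above carries an allowed CN, and DUNNO otherwise. The CN value `connector.example.com`, the function names, and the choice to call it from a `check_policy_service` restriction are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Postfix policy delegation service: permit by verified client-cert CN."""
import sys

# Assumption: placeholder CN; replace with the CN the connector presents.
ALLOWED_CNS = {"connector.example.com"}


def parse_request(lines):
    """Collect name=value attributes up to the empty line ending a request."""
    attrs = {}
    for line in lines:
        line = line.rstrip("\r\n")
        if line == "":
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs, allowed=ALLOWED_CNS):
    """Return OK only for an allowed CN on a PKI-verified certificate."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    # Postfix leaves ccert_subject empty when no client certificate was
    # presented or it could not be verified, so an empty value never matches.
    cn = attrs.get("ccert_subject", "")
    if cn and cn in allowed:
        return "OK"
    return "DUNNO"  # no opinion: fall through to the remaining restrictions


def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests on one connection until the client closes it."""
    while True:
        attrs = parse_request(stream_in)
        if not attrs:
            return
        stream_out.write("action=%s\n\n" % decide(attrs))
        stream_out.flush()


if __name__ == "__main__":
    serve()
```

Because a CN match is only as strong as the set of CAs Postfix trusts for client certificates, keep that trust store limited to the CA that issues the connector's certificate.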