On Sun, Aug 23, 2020 at 02:36:51AM +0200, Steffen Nurpmeso wrote:
> However, short of time (it will be no sooner than six o'clock in
> the morning until i will get home, sorry! Just in case anyone is
> interested), i blindly added another cert_username=steffen to the
> stuff in src/xsasl/xsasl_dovecot_server.c, and with that we will
> get the job done!
I think that there's a major semantic problem here. The code validating
the certificate chain against some issuer(s) trusted to identify local
users should also be the code that's mapping certificates to user names.
It sounds like you have Postfix validating the certificate trust chain,
but then Dovecot, doing the user mapping. Or if not, what role exactly
is Dovecot playing in all this?
You're posting code, but that seems premature. Can you instead post a
description of the design? Perhaps moving the discussion to
postfix-devel...
--
Viktor.
