On 4/27/22 12:27, Jaroslaw Rafa wrote:
Dnia 27.04.2022 o godz. 17:47:06 AndrewHardy pisze:
I’m very interested in what options / solutions (if any) exist that allow
you to use a passwordless approach to authenticating your users against
imaps/pop3/smtps/submission services (tls encrypted of course)
To my knowledge, Thunderbird supports certificate-based authentication both
to imaps and smtps/submission. On the server side, you can probably configure
certificate-based authentication in most mail server software, in particular
in Postfix and Dovecot.
Configuring it on the server-side is fairly easy.
The hard part is enrolling client certs for end-users, especially into
Thunderbird.
Mozilla hunked out all features for PKI client cert enrollment from
Firefox and Thunderbird. So today it's easier to issue client certs to
Outlook users than to Thunderbird users. :-(
Ciao, Michael.
