[prev in list] [next in list] [prev in thread] [next in thread]
List: cyrus-devel
Subject: Re: Cyrus Pop3 and Client Side Certificates
From: Dan White <dwhite () olp ! net>
Date: 2012-12-17 20:11:44
Message-ID: 20121217201144.GG6645 () dan ! olp ! net
[Download RAW message or body]
On 12/17/12 12:26 -0600, Sumit Malhotra wrote:
>We are looking to enforce two layer of authentication on POP3S.
>
>We want to ensure that *if and only if* a Machine/Laptop/Client has a SSL
>Certificate is installed then only it can connect and authenticate with
>the POP3 Server else it fails. Is that possible?
set:
tls_require_cert: 1
or, specifically just for pop3s:
<cyrus.conf/pop3s-service-name>_tls_require_cert: 1
In /etc/cyrus.conf, you'll want to remove any references to pop3 (without
the -s option). e.g.:
#pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=200
pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=100
in imapd.conf:
pop3s_tls_require_cert: 1
You'll also need to configure tls_ca_file or tls_ca_path.
--
Dan White
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic