From: Alexander Hoogerhuis (alexhboxed.no)
Date: Thu Dec 13 2007 - 13:59:23 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Victor Duchovni wrote:
> On Thu, Dec 13, 2007 at 08:49:56PM +0100, Alexander Hoogerhuis wrote:
>
>> Victor Duchovni wrote:
>>> On Thu, Dec 13, 2007 at 12:49:52PM -0500, Wietse Venema wrote:
>>>
>>>> Alexander Hoogerhuis:
>>>>> A quick question regarding postfix 2.4 and authentiation:
>>>>>
>>>>> Is there any similar mechinsm to smtp_sasl_password_maps that would
>>>>> allow postfix as a server to have a simple map of remote IP/network and
>>>>> user:pass stored, and not having to go through using full SASL?
>>> The simplest out-of-the-box solution is a TLS client cert and
>>> check_ccert_access. This gives you both a secure-channel for
>>> authentication and authentication in one step.
>>>
>> Thanks for the quick feedback. I did look into this and run a private CA
>> so I can issue client certs, but Exchange 2000/2003 looked troublesome
>> to implement as clients for postfix this way. I'd love to be proven
>> wrong, but that's the scope of some other list or forum. :)
>
> You really need E2007 for full TLS support. I don't know whether E2003
> will do client certs, but is highly likely that it cannot given how
> anemic other aspects of TLS are in that release.
>

That's what my own tinkering and googling has turned up so far as well.
And asking a good few part-time Exchange 2000/2003 admins "do you do
client side TLS well?" has turned up quite a few blank stares... :p

-A

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]