[Dovecot] Dovecot 2.2rc3 Client Cert Auth and Webmail -> auth_ssl_require_client_cert problem

[Timo Sirainen]

On 31.3.2013, at 17.38, Christian Felsing <hostmaster at taunusstein.net> wrote:

> There were log entries regarding that problem:

Ah, you were using PostgreSQL and I tested MySQL. They are handled somewhat differently. This should fix it: http://hg.dovecot.org/dovecot-2.2/rev/37cd62516b37

> 
> 
> Mar 25 11:05:21 dovecot dovecot: auth: Debug: client in:
> AUTH#0111#011PLAIN#011service=imap#011secured#011valid-client-cert#011sessi
> on=J8pV8bzYIACwxigG#011cert_username=user at example.net#011lip=192.168.200.22#011rip=192.168.200.6#011lport=993#011rport=8480
> Mar 25 11:05:21 dovecot dovecot: auth: Debug: client passdb out:
> CONT#0111#011
> Mar 25 11:05:21 dovecot dovecot: auth: Debug: client in: CONT<hidden>
> Mar 25 11:05:21 dovecot dovecot: auth: Debug:
> sql(user at example.net,192.168.200.6,<J8pV8bzYIACwxigG>): query: SELECT
> NULL AS password, 'Y' as nopassword, userid AS user FROM users WHERE
> userid = 'user at example.net'
> Mar 25 11:05:21 dovecot dovecot: auth: Debug: client in: CONT<hidden>
> Mar 25 11:05:21 dovecot dovecot: auth:
> sql(user at example.net,192.168.200.6,<J8pV8bzYIACwxigG>): Empty password
> returned without nopassword
> Mar 25 11:05:23 dovecot dovecot: auth: Debug: client passdb out:
> FAIL#0111#011user=user at example.net
> 
> Dovecot got nopassword but does still not accept an empty password.
> 
> Christian
> 
> 
> 
> Am 31.03.2013 15:18, schrieb Timo Sirainen:
>> On 31.3.2013, at 15.47, Christian Felsing <hostmaster at taunusstein.net> wrote:
>> 
>>> thank you for that hint.
>>> 
>>> SELECT NULL AS password, 'Y' as nopassword, userid AS user FROM users
>>> WHERE userid = '%u'
>>> does not work, seems Dovecot 2.2rc3 ignores nopassword, so my solution is:
>> 
>> I don't understand. I remember some other mail about this as well. It works fine with my tests.. What does it log with you?
>> 
>