Send full X.509 client certificate to custom authentication policy server

Aki Tuomi aki.tuomi at dovecot.fi
Fri Jan 26 19:45:43 EET 2018


> On January 26, 2018 at 7:15 PM Jaime Hablutzel Egoavil <hablutzel1 at gmail.com> wrote:
> 
> 
> I'm working with Dovecot 2.3 and I'm wondering if I could send the full
> X.509 client certificate to my custom authentication policy server.
> 
> I'm actually aware that I can send the client certificate validity status
> with something like:
> 
> auth_policy_request_attributes = ... cert=%{cert}
> 
> But I want the full X.509 certificate to be able to decide on the basis
> of certificate extensions, e.g. the Certificate Policies extension.
> 
> Is it currently possible? What about Lua-based authentication? Does Lua
> currently receive the full client certificate?
> -- 
> Jaime Hablutzel -  RPC 994690880

The cert is only received by the login process, validated and some details picked up, and then discarded. Unfortunately what you want is not really possible currently.

Auth process gets only the details that are picked up by login process.

Aki

