[exim] Authentication from client certificate

Author: Jeremy Harris
Date:  
To: exim-users
Subject: [exim] Authentication from client certificate
Scratching an itch to make $subject easier, I coded up
an Exim authenticator driver which is _not_ supporting
ESMTP Authentication.

You get "esmtpsa" in log lines and the
ACL "authenticated" condition, and can set the
$authenticated_id variable.

It runs immediately after a TLS negotiation; example
use is:

=============
begin authenticators

tls:
 driver =           tls
 server_param1 =    ${certextract {subj_altname,mail,>:} \
                                  {$tls_in_peercert}}
 server_condition = ${if forany {$auth1}\
                        {!= {0} \
                            {${lookup ldap{ldap:///\
                    mailaddr=${quote_ldap_dn:${lc:$item}},\
                    ou=users,LDAP_DC?mailid} {$value}{0} \
                     }  }   } }
 server_set_id =    ${if = {1}{${listcount:$auth1}} {$auth1}{}}
==============



Code at:
http://git.exim.org/users/jgh/exim.git/shortlog/refs/heads/tls_auth

Any interest?
--
Jeremy
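
Added example, not part of the original post or of the code it links to: the authenticator above placed in a minimal surrounding configuration, with server_condition additionally gated on $tls_in_certificate_verified so that a certificate presented under tls_try_verify_hosts but not verified cannot authenticate. The file paths, the ACL name and the local_domains list are assumptions; LDAP_DC and the LDAP attribute names are carried over from the post.

```exim
# Added example; paths, acl_check_rcpt and local_domains are assumptions.

# --- main section ---
domainlist local_domains = @
tls_advertise_hosts      = *
tls_certificate          = /etc/exim/tls/server.crt
tls_privatekey           = /etc/exim/tls/server.key
# CA bundle that client certificates must chain to
tls_verify_certificates  = /etc/exim/tls/client-ca.pem
# Request a client certificate, but keep the session if none is sent or
# verification fails; $tls_in_certificate_verified records the outcome.
tls_try_verify_hosts     = *

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Relay only for sessions accepted by the authenticator named "tls"
  accept  authenticated = tls
  accept  domains       = +local_domains
  deny    message       = relay not permitted

begin authenticators

tls:
  driver           = tls
  # Every rfc822Name in the certificate's subjectAltName, colon-separated
  server_param1    = ${certextract {subj_altname,mail,>:} \
                                   {$tls_in_peercert}}
  # Succeed only if the chain verified AND some address is known to LDAP
  server_condition = ${if and { {eq{$tls_in_certificate_verified}{1}} \
                                {forany {$auth1} \
                                  {!= {0} \
                                      {${lookup ldap{ldap:///\
                      mailaddr=${quote_ldap_dn:${lc:$item}},\
                      ou=users,LDAP_DC?mailid} {$value}{0} \
                                      } } } } }}
  # Set $authenticated_id only when the certificate names exactly one address
  server_set_id    = ${if = {1}{${listcount:$auth1}} {$auth1}{}}
```

With tls_verify_hosts in place of tls_try_verify_hosts the handshake itself fails for an unverifiable certificate, so the extra condition is then redundant but harmless.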