Mercurial > dovecot > original-hg > dovecot-1.2
diff dovecot-example.conf @ 2027:dc5d0da1abe9 HEAD
Added ssl_require_client_cert auth-specific setting. Hide
ssl_verify_client_cert from default config file as it's automatically set if
needed and there's not much point in forcing it.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 17 May 2004 04:32:16 +0300 |
parents | 1d0985f6bdd9 |
children | f0925b2271e1 |
line wrap: on
line diff
--- a/dovecot-example.conf Mon May 17 02:29:27 2004 +0300 +++ b/dovecot-example.conf Mon May 17 04:32:16 2004 +0300 @@ -37,7 +37,7 @@ # File containing trusted SSL certificate authorities. Usually not needed. #ssl_ca_file = -# Require client to send a valid certificate, otherwise fail the SSL handshake. +# Request client to send a certificate. #ssl_verify_client_cert = no # SSL parameter file. Master process generates this file for login processes. @@ -312,10 +312,9 @@ #umask = 0077 # Drop all privileges before exec()ing the mail process. This is mostly -# meant for debugging, otherwise you don't get core dumps. Note that setting -# this to yes means that log file is opened as the logged in user, which -# might not work. It could also be a small security risk if you use single UID -# for multiple users, as the users could ptrace() each others processes then. +# meant for debugging, otherwise you don't get core dumps. It could be a small +# security risk if you use single UID for multiple users, as the users could +# ptrace() each others processes then. #mail_drop_priv_before_exec = no # Set max. process size in megabytes. Most of the memory goes to mmap()ing @@ -437,6 +436,9 @@ # Number of authentication processes to create #count = 1 + + # Require a valid SSL client certificate or the authentication fails. + #ssl_require_client_cert = no } # PAM doesn't provide a way to get uid, gid or home directory. If you don't