Add fingerprints config for client certificate based authentication.

Mon, 20 Apr 2009 19:23:01 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:23:01 +0200
changeset 179
6539a982f682
parent 178
0ba300bdf30a
child 180
4c723152d46f

Add fingerprints config for client certificate based authentication.

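--- a/postfix/postfix.txt	Mon Apr 20 19:22:00 2009 +0200
+++ b/postfix/postfix.txt	Mon Apr 20 19:23:01 2009 +0200
@@ -22,6 +22,9 @@
 T_RELOCATED  = relocated
 T_TRANSPORT  = transport
 T_ALIASES    = aliases
+T_CLIENTS    = clients
+T_SENDERS    = senders
+T_FINGERP    = fingerprints
 
 #   dependency tracking
 TIMESTAMP    = .up-to-date
@@ -37,7 +40,10 @@
     $(T_VIRTUAL).db   \
     $(T_RELOCATED).db \
     $(T_TRANSPORT).db \
-    $(T_ALIASES).db
+    $(T_ALIASES).db \
+    $(T_CLIENTS).db \
+    $(T_SENDERS).db \
+    $(T_FINGERP).db
 
 #   default target
 all: $(TABLES) $(TIMESTAMP)
@@ -67,6 +73,12 @@
 	$(POSTMAP) hash:$(T_TRANSPORT)
 $(T_ALIASES).db: $(T_ALIASES) $(MAKEFILE)
 	$(POSTALIAS) hash:$(T_ALIASES)
+$(T_CLIENTS).db: $(T_CLIENTS) $(MAKEFILE)
+	$(POSTMAP) hash:$(T_CLIENTS)
+$(T_SENDERS).db: $(T_SENDERS) $(MAKEFILE)
+	$(POSTMAP) hash:$(T_SENDERS)
+$(T_FINGERP).db: $(T_FINGERP) $(MAKEFILE)
+	$(POSTMAP) hash:$(T_FINGERP)
 
 #   cleanup target
 clean: 
@@ -116,6 +128,7 @@
 scache     unix  -       -       n       -       1       scache
 #maildrop  unix  -       n       n       -       -       pipe flags=DRhu user=@l_nusr@ argv=@l_prefix@/bin/maildrop -d ${recipient}
 #cyrus     unix  -       n       n       -       -       pipe user=@l_nusr@ argv=@l_prefix@/bin/cyrdeliver -e -r ${sender} -m ${extension} ${user}
+#dovecot   unix  -       n       n       -       -       pipe flags=DR user=opmi-r argv=/opmi/libexec/dovecot/deliver -f ${sender} -d ${user} -n -m ${extension}
 #uucp      unix  -       n       n       -       -       pipe flags=Fqhu user=@l_nusr@ argv=@l_prefix@/bin/uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
 #ifmail    unix  -       n       n       -       -       pipe flags=F user=@l_nusr@ argv=@l_prefix@/bin/ifmail -r $nexthop ($recipient)
 #bsmtp     unix  -       n       n       -       -       pipe flags=Fq. user=@l_nusr@ argv=@l_prefix@/bin/bsmtp -f $sender $nexthop $recipient
@@ -338,3 +351,20 @@
 #   | .example.com               smtp:mail.example.com
 
 </file>
+<file name="fingerprints">
+##
+##  @l_prefix@/etc/postfix/fingerprints -- user identity verification
+##
+##  Searched for user names matching TLS certificate fingerprints
+##  when a client responding to the MTA's client certificate request
+##  presents a valid (signed from proper CA) certificate.
+##
+##  To find such fingerprints given a valid client certificate:
+##    @l_prefix@/bin/openssl x509 -noout -fingerprint -sha1 -in certfile.pem
+##
+
+#   Examples:
+#   | B8:B8:A8:AE:B8:2A:2B:74:EC:43:FF:4F:B2:B2:AC:1E:B4:CE:26:1D
+#   | 18:81:F5:22:18:BA:EB:15:FF:40:30:00:EA:C0:B4:2E:EC:AE:86:8E
+
+</file>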
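Review bot: The header added in the last hunk instructs operators to generate SHA-1 fingerprints, but the digest Postfix uses when it looks up a client certificate in a `check_ccert_access` table is set by `smtpd_tls_fingerprint_digest` in main.cf, which defaulted to md5 in Postfix releases of this period; unless main.cf (not part of this change) sets `smtpd_tls_fingerprint_digest = sha1`, entries built with the quoted openssl command never match and the decision silently falls through to the next restriction. Suggest adding after the openssl line: `##  The digest here must match smtpd_tls_fingerprint_digest in main.cf (set it to sha1).` The two example lines show a key only; if this table is consulted via `check_ccert_access`, each real entry needs an access(5) action as its value, e.g. `<fingerprint> OK`, which is worth stating because the header describes the map as searched for user names. In the master.cf hunk the new dovecot line hard-codes `user=opmi-r` and `/opmi/libexec/...` where its neighbours use `@l_nusr@` and `@l_prefix@`; this is a consistency point only, since the line is commented out.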
