IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
120983bb02de90984d9b8ff00b1852fe03ab618a
freeipa/client/share/epn.conf
Stanislav Levin 17f430efc4 EPN: Allow authentication by SMTP client's certificate 
SMTP server may ask or require client's certificate for verification.
To support this the underlying Python's functionality is used [0].

Added 3 new options(corresponds to `load_cert_chain`):
- smtp_client_cert - the path to a single file in PEM format containing the
  certificate.
- smtp_client_key - the path to a file containing the private key in.
- smtp_client_key_pass - the password for decrypting the private key.

[0]: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain

Fixes: https://pagure.io/freeipa/issue/8580
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-11-17 14:25:39 +02:00

72 lines
2.3 KiB
Plaintext
Raw Blame History

# Global IPA-EPN [0] configuration file.
# For a complete explanation of each parameter, see the epn.conf(5)
# manual page.
# For best results, change no more than a single parameter at a time,
# and test if ipa-epn(1) still works as intended, using --dry-run when
# it makes sense.
#
# [0] https://github.com/freeipa/freeipa/blob/master/doc/designs/expiring-password-notification.md
[global]
# Specifies the SMTP server to use.
smtp_server = localhost
# Specifies the SMTP port.
smtp_port = 25
# Specifies the id of the user to authenticate with the SMTP server.
# Default None (empty value).
# smtp_user =
# Specifies the password for the authorized user.
# Default None (empty value).
# smtp_password =
# Specifies the path to a single file in PEM format containing the certificate.
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
# Default None (empty value).
# smtp_client_cert =
# Specifies the path to a file containing the private key in. Otherwise the
# private key will be taken from certfile as well.
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
# Default None (empty value).
# smtp_client_key =
# Specifies the password for decrypting the private key. It will be ignored if
# the private key is not encrypted and no password is needed.
# https://docs.python.org/3/library/ssl.html#ssl.SSLContext.load_cert_chain
# Default None (empty value).
# smtp_client_key_pass =
# Specifies the number of seconds to wait for SMTP to respond.
smtp_timeout = 60
# Specifies the type of secure connection to make. Options are: none,
# starttls and ssl.
smtp_security = none
# Specifies the From e-mail address value in the e-mails sent. Bounces will
# be sent here.
smtp_admin = root@localhost
# Time to wait, in milliseconds, between each e-mail sent to try to avoid
# overloading the mail queue.
smtp_delay = 0
# Specifies the From: e-mail address value in the e-mails sent.
# The default when unset is noreply@ipadefaultemaildomain.
# This value can be found by running ipa config-show.
# mail_from =
# The list of days before a password expiration when ipa-epn should notify
# a user that their password will soon require a reset.
notify_ttls = 28, 14, 7, 3, 1
# Set the character set of the message.
msg_charset = utf8
# Set the message's MIME sub-content type.
msg_subtype = plain
Reference in New Issue View Git Blame Copy Permalink