free
/
freedombonee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Password

This commit is contained in:
Bob Mottram 2015-06-18 08:25:05 +01:00
parent 07c0d5fb99
commit 86bf6c7666
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/freedombone
View File

@ -5647,6 +5647,7 @@ function configure_imap {
sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
@ -5664,10 +5665,13 @@ function configure_imap_client_certs {
return return
fi fi
# http://strange.systems/certificate-based-auth-with-dovecot-sendmail/ # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.crt|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.crt|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
echo '' >> /etc/dovecot/conf.d/10-auth.conf echo '' >> /etc/dovecot/conf.d/10-auth.conf
echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf

8
src/freedombone-clientcert
View File

@ -33,6 +33,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
USERNAME= USERNAME=
CLIENT_CERT_PASSWORD=
COUNTRY_CODE="US" COUNTRY_CODE="US"
AREA="Free Speech Zone" AREA="Free Speech Zone"
LOCATION="Freedomville" LOCATION="Freedomville"
@ -48,6 +49,7 @@ function show_help {
echo '' echo ''
echo ' --help Show help' echo ' --help Show help'
echo ' -u --username [name] Username' echo ' -u --username [name] Username'
echo ' -p --password [text] Client certificate install password'
echo '' echo ''
exit 0 exit 0
} }
@ -64,6 +66,10 @@ case $key in
shift shift
USERNAME="$1" USERNAME="$1"
;; ;;
-p|--password)
shift
CLIENT_CERT_PASSWORD="$1"
;;
*) *)
# unknown option # unknown option
;; ;;
@ -131,7 +137,7 @@ mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert
mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt -password "$CLIENT_CERT_PASSWORD"
# make an install script # make an install script
echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh