Password

86bf6c76 · Bob Mottram · 07c0d5fb · 86bf6c76 · 86bf6c76
Commit 86bf6c76 authored 9 years ago by Bob Mottram
--- a/src/freedombone
+++ b/src/freedombone
@@ -5647,6 +5647,7 @@ function configure_imap {
  
  sed -i 's/#process_limit =.*/process_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
  sed -i 's/#default_client_limit.*/default_client_limit = 5/g' /etc/dovecot/conf.d/10-master.conf
+  sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
  
  sed -i 's/#auth_verbose.*/auth_verbose = yes/g' /etc/dovecot/conf.d/10-logging.conf
  
@@ -5664,10 +5665,13 @@ function configure_imap_client_certs {
      return
  fi
  # http://strange.systems/certificate-based-auth-with-dovecot-sendmail/
+  sed -i 's|#default_process_limit =.*|default_process_limit = 100|g' /etc/dovecot/conf.d/10-master.conf
+  sed -i 's/disable_plaintext_auth =.*/disable_plaintext_auth = yes/g' /etc/dovecot/conf.d/10-auth.conf
  sed -i 's|#auth_ssl_require_client_cert =.*|auth_ssl_require_client_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
  sed -i 's|#auth_ssl_username_from_cert =.*|auth_ssl_username_from_cert = yes|g' /etc/dovecot/conf.d/10-auth.conf
  sed -i 's|#ssl_ca =.*|ssl_ca = /etc/ssl/certs/dovecot-ca.crt|g' /etc/dovecot/conf.d/10-ssl.conf
  sed -i 's|#ssl_cert_username_field =.*|ssl_cert_username_field = commonName|g' /etc/dovecot/conf.d/10-ssl.conf
+  sed -i 's|#ssl_verify_client_cert =.*|ssl_verify_client_cert = yes|g' /etc/dovecot/conf.d/10-ssl.conf
  if ! grep -q "passdb {" /etc/dovecot/conf.d/10-auth.conf; then
    echo '' >> /etc/dovecot/conf.d/10-auth.conf
    echo 'passdb {' >> /etc/dovecot/conf.d/10-auth.conf

--- a/src/freedombone-clientcert
+++ b/src/freedombone-clientcert
@@ -33,6 +33,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.

 USERNAME=
+CLIENT_CERT_PASSWORD=
 COUNTRY_CODE="US"
 AREA="Free Speech Zone"
 LOCATION="Freedomville"
@@ -48,6 +49,7 @@ function show_help {
    echo ''
    echo '     --help                  Show help'
    echo '  -u --username [name]       Username'
+    echo '  -p --password [text]       Client certificate install password'
    echo ''
    exit 0
 }
@@ -64,6 +66,10 @@ case $key in
    shift
    USERNAME="$1"
    ;;
+    -p|--password)
+    shift
+    CLIENT_CERT_PASSWORD="$1"
+    ;;
    *)
    # unknown option
    ;;
@@ -131,7 +137,7 @@ mv /etc/ssl/certs/$USERNAME.cer /home/$USERNAME/emailcert
 cp /etc/ssl/certs/dovecot-ca.crt /home/$USERNAME/emailcert
 mv /etc/ssl/private/$USERNAME.key /home/$USERNAME/emailcert
 mv /etc/ssl/certs/$USERNAME.crt /home/$USERNAME/emailcert
-openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt
+openssl pkcs12 -export -in /home/$USERNAME/emailcert/$USERNAME.cer -out /home/$USERNAME/emailcert/$USERNAME.p12 -inkey /home/$USERNAME/emailcert/$USERNAME.key -certfile /home/$USERNAME/emailcert/dovecot-ca.crt -password "$CLIENT_CERT_PASSWORD"

 # make an install script
 echo '#!/bin/bash' > /home/$USERNAME/emailcert/install.sh