summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPřemysl Eric Janouch <p@janouch.name>2021-05-29 06:38:33 +0200
committerPřemysl Eric Janouch <p@janouch.name>2021-05-29 06:38:33 +0200
commitc75ef167f21c398856706468ca3917f9b64cef32 (patch)
tree2b7a643f38d7e1d06f7838748a631406b9281745
parentddffc71abe49a6d9f87b005e0814cb71a2ae8d54 (diff)
downloadxK-c75ef167f21c398856706468ca3917f9b64cef32.tar.gz
xK-c75ef167f21c398856706468ca3917f9b64cef32.tar.xz
xK-c75ef167f21c398856706468ca3917f9b64cef32.zip
degesch: document the SASL EXTERNAL support
So far it's only been mentioned in the NEWS file, which is definitely not sufficient. It would be good to move this kind of stuff out from README.adoc.
-rw-r--r--README.adoc4
1 files changed, 4 insertions, 0 deletions
diff --git a/README.adoc b/README.adoc
index 550fda9..f4200e5 100644
--- a/README.adoc
+++ b/README.adoc
@@ -125,6 +125,10 @@ as a `forking` type systemd user service.
Client Certificates
-------------------
+'degesch' will use the SASL EXTERNAL method to authenticate using the TLS
+client certificate specified by the respective server's `tls_cert` option
+if you add `sasl` to the `capabilities` option and the server supports this.
+
'kike' uses SHA-1 fingerprints of TLS client certificates to authenticate users.
To get the fingerprint from a certificate file in the required form, use: