Allow manual selection of supported authentication methods

[cketti]

Right now we offer the options "Normal password", "Encrypted password" and "Client certificate" during setup. Using a client certificate should complement the password authentication and thus be a separate setting (see #793). That leaves us with "Normal password" and "Encrypted password", which are not terribly useful options. In my opinion the default should be "Automatic" where we select the option we like best and use that. Additionally, we list the individual authentication methods we support. That would allow users to override the automatic behavior in case it doesn't work.

For additional information see issue #2648

[mhoran]

@cketti would it still be possible to use only client certificate authentication (no password) with the proposed change? There has been some work in Postfix to make the user case I described in #793 possible. This would make Postfix compatible with AUTH EXTERNAL as implemented in K9 today. I don't have the desire to use both a password AND certificate auth once this is the case.

[cketti]

Sure, AUTH EXTERNAL is a supported authentication mechanism.

[Fellhahn]

Just commenting to add my support for client certificate + password as an authentication method. (Is PEAP the correct term to describe this?)

I came here intending to submit this as a feature request. My current mail server back-end (Axigen) does not support the auth external method, but does support securing a connection with a client certificate before password exchange.

Perhaps a tick box could be added for "Use client certificate", which triggers the certificate selection prompt.

Following from that, where "Client certificate" is currently present in the authentication select list, it could be replaced by an "AUTH External" selection?

This way providing support for people that only want to use a certificate, as well as those that want to use certificate + password.