Automx2 vs. automx
Ralph Seichter
automx2 at seichter.de
Fri Jan 3 21:28:06 CET 2020
* Dan Brown:
> CalDav/CardDav have already been mentioned, and I understand they
> aren't there--are there plans for them to return?
Patrick and I have spoken about this. At this stage, automx2 focuses on
mail account configuration, which I believe to be the feature most
users benefit from. Depending on user demand, more features might be
supported, but I cannot make promises right now. I am sure that Patrick
will offer his own take on the state of automx2 over the coming days.
> Automx claimed to be able to retrieve a user's full name from LDAP
> (and probably other backends). I wasn't able to get this working, but
> is this feature present in automx2?
I opened https://gitlab.com/automx/automx2/issues/10 to allow you and
other users interested in this feature to comment on my take on basic-
level LDAP support. It is important for me to understand your exact
requirements, and to distinguish between must have and nice to have.
> Does automx2 support signing .mobileconfig profiles?
Not yet. Apple seems to have changed some of the signing mechanics with
recent updates. I have Apple's Configurator application on my Mac, and I
used to be able to transfer profiles via USB cable to my iOS devices
which the Configurator would sign on the fly. That is no longer the
case, and my attempts to use other self-signed certificates were not
successful either.
Looks like Apple wants me to "pay to play" by subscribing as a developer
and thereby obtaining an Apple-issued signing certificate. Even if I did
that, it would not help other automx2 users, because I obviously won't
ship my key material. Each of you would have to be able to provide your
own keys and certificates.
Given that the typical use case is opening
https://foo.example.com/mobileconfig/?emailaddress=x@example.com
unsigned profiles are not really an issue, IMO. Server foo.example.com
is identified by his certificate, so one can assume that downloading a
profile from that host is OK, security-wise. An iOS device would not
open foo.example.com if the certificate was considered unsafe. Apple
profiles can be sent via email as well, and in that case, signatures
have a whole different level of importance, but when downloaded via
HTTPS, I am not too worried about the lack of signatures.
-Ralph
More information about the automx-users
mailing list