ssl_cert_user_specname
This parameter is useful if clients are required to supply a username, but you wish to designate a special username to use when the client’s username should be taken from the client’s digital certificate.
ssl_cert_user_specname = username
For example, you may wish all clients to specify their username when logging in. This means the ssl_use_cert_username parameter would be set to disable. The username is supplied by the user, and not taken from the digital certificate. However, you may wish one username to signify that the client logging in with that name should have the name taken from the certificate. A good example of this username would be anonymous. All clients logging in as anonymous will have their user names taken from their digital certificates.
The value specified by this parameter is the username that clients will use to log in when the username should be taken from their digital certificate. A good example of the value of this parameter would be anonymous.
Also, the value of this parameter is ignored if ssl_use_cert_username is set to enable, in which case all client usernames are taken from their certificates. This parameter has no effect for users that have no certificate.