From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-advocacy(at)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com> |
Subject: | Re: Draft of 8.4 beta announcement, please edit |
Date: | 2009-04-11 02:09:02 |
Message-ID: | 200904110209.n3B292T11610@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-advocacy |
Peter Eisentraut wrote:
> On Friday 10 April 2009 00:27:20 Magnus Hagander wrote:
> > Peter Eisentraut wrote:
> > > On Thursday 09 April 2009 02:14:44 Josh Berkus wrote:
> > >> * Support SSL certs for authentication
> > >
> > > This is not really new, it's just easier/different/something to use.
> >
> > Using SSL certs for authentication is most definitely new in 8.4.
>
> Client authentication is new. Server authentication is not.
I think this is referring to the 8release note item:
Add <literal>cert</> authentication method to allow user
authentication via <acronym>SSL</> certificates (Magnus)
Previously <acronym>SSL</> certificates could only verify that
the client had access to a certificate, not authenticate a
user.
The details are here:
http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#AUTH-CERT
In summary:
The 'cn' attribute of the certificate will be compared to the
login username, and if they match the login will be allowed.
I have updated the release notes bullet text and draft release
announcement wiki to be:
Support SSL certificates for user authentication
Note the addition of the word "user".
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2009-04-12 08:55:00 | Re: Draft of 8.4 beta announcement, please edit |
Previous Message | Peter Eisentraut | 2009-04-10 19:52:10 | Re: Draft of 8.4 beta announcement, please edit |