Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: To whom an SSL client crt (postgresql.crt) is issued
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: k(dot)p(dot)d(dot)lehre(at)medisin(dot)uio(dot)no
- Cc: pgsql-interfaces(at)postgresql(dot)org
- Subject: Re: To whom an SSL client crt (postgresql.crt) is issued
- Date: Mon, 19 Dec 2005 01:08:08 -0500
- Message-id: <20253.1134972488@sss.pgh.pa.us> <text/plain>
k(dot)p(dot)d(dot)lehre(at)medisin(dot)uio(dot)no writes: > The docs do not mention that the client crt has to be issued > to the user trying to log on. Isn't it a point TO WHOM the client crt is > issued? Is this the way it is meant to be? Restricting that would require assumptions-not-in-evidence about certificate issuers using names that sync with database user names. But perhaps more to the point, Postgres does not use SSL certificates as a user authentication mechanism, only as a transport privacy mechanism. Using SSL is not sufficient grounds for deciding you can use "trust" auth mode. regards, tom lane
- References:
- To whom an SSL client crt (postgresql.crt) is issued
- From: k . p . d . lehre
- To whom an SSL client crt (postgresql.crt) is issued
- Prev by Date: To whom an SSL client crt (postgresql.crt) is issued
- Next by Date: Cursors for update.., we have to port an informix 9.x appication using cursors for update
- Previous by thread: To whom an SSL client crt (postgresql.crt) is issued
- Next by thread: Cursors for update.., we have to port an informix 9.x appication using cursors for update
- Indexes: