Re: Certificate Authentication method question about mapping

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Blake Rich <blaric(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Certificate Authentication method question about mapping
Date: 2023-09-28 06:10:08
Message-ID: 19f87c6646f3acbf092ae2cea51beb2f0ae4c492.camel@cybertec.at
Lists: pgsql-admin

On Wed, 2023-09-27 at 20:34 -0600, Blake Rich wrote:
> Recently our CA updated their S/MIME certificates. We've used them for both email as well as certificate authentication with mapping in PostgreSQL. However, our options for certificates ended up
> shifting to an Organization certificate, where the person's name is no longer the CN of the cert, but rather the CN is the Organization's name. Is there any way with certificate mapping to use a
> field other than CN to map to a database user? I've searched the archives and online and can't find any details indicating any way to do so, but I'm hopeful.
>
> Old certs that worked to filter out the first name as the username had
>
> CN = firstname lastname
> E = firstname.lastname@<org>.<com>
>
> New certs have
>
> CN = <org name>
> E = firstname.lastname@<org>.<com>
>
> I can't seem to figure out how to look at the E = field or even if it is possible. Any insight would be greatly appreciated.

I don't think that's possible, short of modifying PostgreSQL.

Yours,
Laurenz Albe
