From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
---|---|
To: | Andreas <maps(dot)on(at)gmx(dot)net> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Need a wee bit more info on PostgreSQL's SSL security options |
Date: | 2007-06-03 09:48:00 |
Message-ID: | 20070603094800.GA22868@svana.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Sun, Jun 03, 2007 at 12:21:14AM +0200, Andreas wrote:
> Hi,
>
> I've got it so far:
> Server-OS: Debian 3.1 sarge
> PostgreSQL: Debian's binary PG 8.1.8 (still the most recent version
> available)
>
> Following a tutorial (actually for OpenVPN as I didn't find any for PG
> that goes beyond what is found in the main docu) I created a CA, server
> and client certificate, updated postgresql.conf and pg_hba.conf, did a
> restart of PG and connected from a windows box with pgAdmin.
> NICE :)
>
> Now as far as I see, even though I have my postgresql.crt+key in place,
> I still have to provide username and password, right?
Yes. postgresql can check that the client provides valid certificates,
you cannot however yet authenticate with certificates.
> Can I further check the security of the server? The aim will be to have
> the port open to the Internet.
Try to connect without SSL?
> Is there a documentation, that covers those matters more deeply than
> chapter 16.8 and 20.1 of PG's main documentation?
> Especially the whole client-side topic is rather thin for a newbie.
There's 29.16:
http://www.postgresql.org/docs/8.2/interactive/libpq-ssl.html
As for CRL, I think that was only added after 8.1.
Other than that I don't know.
Hope this helps,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
From | Date | Subject | |
---|---|---|---|
Next Message | Andrej Kastrin | 2007-06-03 11:44:41 | Strange delimiters problem |
Previous Message | A. Kretschmer | 2007-06-03 09:15:46 | Re: general features |