| From: | Chris Travers <chris(at)travelamericas(dot)com> |
|---|---|
| To: | pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Feature request: SSL Client Cert Authentication |
| Date: | 2007-10-11 18:04:52 |
| Message-ID: | 470E65C4.2020504@travelamericas.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi all;
I decided that I wanted to bring this up here before I decide whether to
submit a proposal to -hackers. After all, this would reach a larger
section of users than would -hackers.
Basically, I think it would be very nice to be able to use client
vertificates to actually authenticate users. I can see a few ways of
doing this:
1) Using the cert to authenticate with a given ldap server.
2) Configuring to use a specific base dn and grabbing a uid field to
use as the username.
3) Providing a mapping of the dn to username via some configuration file.
I suspect that option 2 would be the most useful, but I wanted to see
how other people thought this might need to work.
Best Wishes,
Chris Travers
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karsten Hilbert | 2007-10-11 18:07:13 | Re: XMIN semantic at peril ? |
| Previous Message | Tom Lane | 2007-10-11 17:52:08 | Re: preferred way to use PG_GETARG_BYTEA_P in SPI |