| From: | Ian Pilcher <arequipeno(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Craig Ringer <craig(at)2ndquadrant(dot)com>, stellr(at)vt(dot)edu, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Trust intermediate CA for client certificates |
| Date: | 2013-12-02 21:22:25 |
| Message-ID: | 529CFA11.5090403@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On 12/02/2013 03:15 PM, Stephen Frost wrote:
> That isn't at *all* accurate. Authorization is handled by pg_ident and
> PG's role and grant system. We are only using OpenSSL's trust of the
> certificate for authentication.
OK, how do I configure Postgres to only allow connections when the
client presents a certificate signed by a particular intermediate CA?
AFAIK, there is currently no way to do this.
--
========================================================================
Ian Pilcher arequipeno(at)gmail(dot)com
Sent from the cloud -- where it's already tomorrow
========================================================================
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2013-12-02 21:23:54 | Re: Trust intermediate CA for client certificates |
| Previous Message | Ian Pilcher | 2013-12-02 21:19:43 | Re: Trust intermediate CA for client certificates |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dimitri Fontaine | 2013-12-02 21:22:30 | Re: Extension Templates S03E11 |
| Previous Message | Stephen Frost | 2013-12-02 21:20:12 | Re: Extension Templates S03E11 |