| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Rob Sargent <robjsargent(at)gmail(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: localhost ssl |
| Date: | 2021-01-22 22:54:22 |
| Message-ID: | 8d6c56b4-ec30-bae9-c570-a80df9955582@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 1/22/21 2:48 PM, Rob Sargent wrote:
>
>> Check out this section:
>>
>> https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
>>
>> "... the cn (Common Name) in the certificate matches the user name or
>> an applicable mapping."
>>
>> This section spells out what is needed for the various forms of client
>> cert SSL authentication.
>>
>>>
>>> I have specific roles accessing specific schemas via sql which is not
>>> schema qualified.
>>>
>>
>> I'm assuming this is some sort of security. Just wondering if there
>> is provision made for people who know how to do SET search_path or \dn
>> or schema qualify objects?
>>
>>
> Honest, I've been reading 18.9 but as you can see it uses CN for host
> and then 20.12 suggests using CN for role.
Difference between server certificate and client certificate.
To get a handle on this is going to take an outline of what your
authentication needs are?
>
> Yes, I'm confused. As I said in reply to Jeff, I would rather not need
> to remember to set the search_path, which I can avoid if I login as "role".
I have not seen that conversation and I do not see it in the archive
either. Is that off-list, different thread, something else?
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rob Sargent | 2021-01-22 23:02:29 | Re: localhost ssl |
| Previous Message | Rob Sargent | 2021-01-22 22:48:22 | Re: localhost ssl |