From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
---|---|
To: | "'Nathan Aherne *EXTERN*'" <nathan(at)reddog(dot)com(dot)au>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: SSL and MD5 passwords |
Date: | 2015-05-12 07:55:14 |
Message-ID: | A737B7A37273E048B164557ADEF4A58B3660EFF7@ntex2010i.host.magwien.gv.at |
Lists: | pgsql-admin |

Nathan Aherne wrote:

> We would like to use SSL to secure data transmission between our app server and postgres server as
> they are both on the public internet. We cannot use SSH tunnels as our infrastructure doesn’t allow
> it. Using client SSL keys poses a number of structural issues for us as well.
>
> Instead we would like to use MD5 Username/Password to authenticate to Postgres while having postgres
> encrypt the data transfer via SSL (forced). Is this possible? If so:

Yes, this is possible, we do it all the time.

> 1. are there any issues with doing things this way?
> 2. we have configured pg_hba.conf with hostssl and md5 clientcert=0 but cannot seem to get the correct
> connection string combination. Could someone point me in the correct direction.

There is no option "clientcert=0" for the md5 authentication method.
Just remove that and everything should work fine.

What client do you use to connect?

If you connect with libpq, you can add "sslmode=require" to the connection string, but
this is not necessary, since "sslmode=prefer" is default, and that will try SSL first.

Yours,
Laurenz Albe
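
An added example, not part of the original message or of PostgreSQL itself: a small Python check for the setup discussed above. It flags pg_hba.conf records that would still accept md5/password logins over an unencrypted connection from remote hosts, and tests whether a libpq connection string refuses plaintext. The function names, sample file and addresses are constructed for illustration; quoted fields and include files are not handled.

```python
import ipaddress

PASSWORD_METHODS = {"md5", "password"}                   # password-based pg_hba.conf methods
TLS_ENFORCING = {"require", "verify-ca", "verify-full"}  # sslmode values that never use plaintext

# Constructed sample pg_hba.conf (documentation address ranges, made-up names).
SAMPLE_HBA = """\
# TYPE    DATABASE USER    ADDRESS                     METHOD
host      all      all     127.0.0.1/32                md5
hostssl   appdb    appuser 203.0.113.10/32             md5
host      appdb    appuser 0.0.0.0/0                   md5
hostnossl all      all     198.51.100.0 255.255.255.0  password
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def _is_loopback(addr, mask=None):
    """True only when the address is provably loopback; host names and keywords count as remote."""
    if addr == "samehost":
        return True
    try:
        return ipaddress.ip_network(f"{addr}/{mask}" if mask else addr, strict=False).is_loopback
    except ValueError:
        return False

def plaintext_password_rules(hba_text):
    """Return (line_no, record) for rules that accept password logins without TLS from remote hosts."""
    findings = []
    for no, raw in enumerate(hba_text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        # "hostssl" matches only TLS connections and "local" is a Unix socket: both are skipped.
        if len(f) < 5 or f[0] not in ("host", "hostnossl"):
            continue
        mask = f[4] if _is_ip(f[4]) else None        # ADDRESS may be "IP NETMASK" in two fields
        method = f[5] if mask and len(f) > 5 else f[4]
        if method in PASSWORD_METHODS and not _is_loopback(f[3], mask):
            findings.append((no, " ".join(f)))
    return findings

def client_refuses_plaintext(conninfo):
    """True if a keyword=value libpq connection string sets an sslmode that cannot fall back to plaintext."""
    params = dict(p.split("=", 1) for p in conninfo.split() if "=" in p)
    return params.get("sslmode", "prefer") in TLS_ENFORCING
```

Note that `sslmode=require` only guarantees encryption; checking the server certificate and host name needs `verify-full`.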