| From: | Srikanth Venkatesh <srix55(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-docs(at)postgresql(dot)org |
| Subject: | Re: hba_conf hostssl clientcert=1 no longer required in 9.4 |
| Date: | 2016-07-16 05:44:35 |
| Message-ID: | CAOwxV4ojDe5VJ3V517J2egTMNUy+UHDuK5TfV+Kqkw9mADWNSw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
So, one has to use "cert clientcert=1" and not just "cert" in hba_conf? So
"clientcert" is an auth-method option of "cert"? That isn't exactly clear
in the hba_conf documentation -
https://www.postgresql.org/docs/9.4/static/auth-methods.html#AUTH-CERT .
That part of the document doesn't mention what you just said.
On Fri, Jul 15, 2016 at 6:33 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Srikanth Venkatesh <srix55(at)gmail(dot)com> writes:
> > I guess it should mention that setting the parameter to 1 is no longer
> > required... and that the default is 1 for "cert".
>
> In what way is it no longer required? Without that flag set, there's
> no insistence on a validated client cert.
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-07-16 18:14:56 | Re: hba_conf hostssl clientcert=1 no longer required in 9.4 |
| Previous Message | Tom Lane | 2016-07-15 13:03:56 | Re: hba_conf hostssl clientcert=1 no longer required in 9.4 |