Re: certs in connection string

From: Rob Sargent <robjsargent(at)gmail(dot)com>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: certs in connection string
Date: 2021-02-15 18:01:00
Message-ID: c9048391-0ac0-1b48-93ca-c08a830e6fa2@gmail.com
Lists: pgsql-general

On 2/15/21 8:23 AM, Laurenz Albe wrote:
> On Sat, 2021-02-13 at 09:57 -0700, Rob Sargent wrote:
>> I’m confused, as usual, about using a cert in a connection string. I wish to connect from a
>> “middle ware” piece to PG on behalf of various clients. Does each client need a corresponding
>> cert/key or is the certification intended to say the sending machine is who it says it is
>> (thereby needing only one cert)?
>
> They can share one certificate.
>
> https://www.postgresql.org/docs/current/auth-cert.html:
>
> When using this authentication method, the server will require that the client provide a valid,
> trusted certificate. No password prompt will be sent to the client. The cn (Common Name)
> attribute of the certificate will be compared to the requested database user name, and if they
> match the login will be allowed.
>
> Yours,
> Laurenz Albe
>
Thank you.

Since I wish to make the jdbc connection using the role's login (for
search_path), I take it I will make role-specific certs, setting the CN
accordingly. (I do know which role I need for each connection request
and can set the dbname as well).
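
The role-specific setup described in this message, as an added example that is not part of the original thread: a middleware helper that picks the certificate for the requested role, checks that its CN equals the role name (the comparison the server makes under `cert` authentication), and only then opens the pgjdbc connection. The class name, the certificate directory layout (`<role>.crt`, `<role>.pk8`, `root.crt`), the role-name pattern and the host value are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.Properties;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper; assumes the server authenticates these roles with the "cert" method.
public class RoleCertConnector {
    private final Path certDir;    // assumed layout: <role>.crt, <role>.pk8, root.crt
    private final String hostPort; // placeholder, e.g. "db.example.internal:5432"

    public RoleCertConnector(Path certDir, String hostPort) {
        this.certDir = certDir;
        this.hostPort = hostPort;
    }

    // Returns the CN of the certificate subject, or null if the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }

    public Connection connect(String role, String dbname) throws Exception {
        // The role name becomes part of a file path, so restrict it (assumed naming rule).
        if (!role.matches("[a-z_][a-z0-9_]*")) throw new IllegalArgumentException("bad role name");
        Path crt = certDir.resolve(role + ".crt");
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(crt)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        String cn = commonName(cert);
        if (!role.equals(cn)) // fail here rather than with a rejected login at the server
            throw new IllegalStateException("CN '" + cn + "' in " + crt + " does not match role '" + role + "'");
        Properties p = new Properties();
        p.setProperty("user", role);          // must equal the certificate CN
        p.setProperty("sslmode", "verify-full");
        p.setProperty("sslrootcert", certDir.resolve("root.crt").toString());
        p.setProperty("sslcert", crt.toString());
        p.setProperty("sslkey", certDir.resolve(role + ".pk8").toString()); // PKCS-8 DER key, not PEM
        return DriverManager.getConnection("jdbc:postgresql://" + hostPort + "/" + dbname, p);
    }
}
```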
