| From: | Rob Sargent <robjsargent(at)gmail(dot)com> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: localhost ssl |
| Date: | 2021-01-22 22:48:22 |
| Message-ID: | e7ed512c-9d9e-3c0e-64e2-247224076c98@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> Check out this section:
>
> https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
>
> "... the cn (Common Name) in the certificate matches the user name or
> an applicable mapping."
>
> This section spells out what is needed for the various forms of client
> cert SSL authentication.
>
>>
>> I have specific roles accessing specific schemas via sql which is not
>> schema qualified.
>>
>
> I'm assuming this is some sort of security. Just wondering if there is
> provision made for people who know how to do SET search_path or \dn or
> schema qualify objects?
>
>
Honest, I've been reading 18.9 but as you can see it uses CN for host
and then 20.12 suggests using CN for role.
Yes, I'm confused. As I said in reply to Jeff, I would rather not need
to remember to set the search_path, which I can avoid if I login as "role".
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2021-01-22 22:54:22 | Re: localhost ssl |
| Previous Message | Adrian Klaver | 2021-01-22 22:33:16 | Re: localhost ssl |