| From: | Mark Morgan Lloyd <markMLl(dot)pgsql-general(at)telemetry(dot)co(dot)uk> |
|---|---|
| To: | pgsql-general(at)PostgreSQL(dot)org |
| Subject: | Re: "Web of trust" connections |
| Date: | 2015-11-10 17:19:26 |
| Message-ID: | n1t8uv$sct$1@pye-srv-01.telemetry.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Jim Nasby wrote:
> On 11/6/15 8:01 AM, Mark Morgan Lloyd wrote:
>> Purely out of curiosity, is there any way of using some sort of "web of
>> trust" (comparable with GPG or whatever) when verifying server and
>> client certificates, rather than going back to a centralised CA?
>>
>> My apologies if this is a silly question, or if there are fundamental
>> reasons why such a thing would be inappropriate. My scenario is that I'm
>> looking at multiple PostgreSQL servers (with supporting custom software)
>> arranged (approximately) as a tree, with nodes sending notifications to
>> their peers as they see changes. I want to make it as easy as possible
>> to set up a new server and get it cooperating with the rest, and some
>> sort of WoT might be plausible rather than having to wait for the root
>> administrator to send keys over a secure channel.
>
> Postgres does support PAM, so you might be able to craft such a solution
> using that along with something that support WoT (like GPG).
Thanks for that Jim, very interesting suggestion.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mammarelli, Joanne T | 2015-11-10 18:21:44 | Best tool to pull from mssql |
| Previous Message | Adrian Klaver | 2015-11-10 17:18:23 | Re: run 2 instances of postgres 9.4 on same linux VM |