Re: certificate based authorization

Hello

I did not thought about this. Anyway I think is quite unusable in my
environment. We're talking 50+ server (and in near future 100+ servers)
and 500+ users each of which will be granted access to a small number of
servers (like 2 or 3). So is very easy to say to one server who is
allowed to connect instead of saying the remaining 497 users (actually
certificates) that they are not allowed. And for another server other
different 497 users which are not allowed to connect in order to let in
only the remaining 2 or 3 and so on.

Thank you and best regards,
Sebastian

-----Original Message-----
From: Bruce Momjian [mailto:bruce(at)momjian(dot)us]
Sent: Friday, November 30, 2007 3:51 AM
To: sebastian(dot)ponovescu(at)alcatel-lucent(dot)ro
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] certificate based authorization

Sebastian - Anton PONOVESCU wrote:
> Hello
>
> Is there a way to use certificate based authorization with postgresql?
I
> already implemented authentication, but among the people that my CA
> certifies, and which I trust by the way, I want to distinguish to a
> particular server who I grand access and who I don't even if they are
> who they claim they are. And this based only on certificates not user
/
> pass or other mechanisms like LDAP / PAM.

Have you tried adding CRLs? We support those.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB
http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +