Re: Client certificate authentication

From: "Alex Hunsaker" <badalex(at)gmail(dot)com>
To: "Magnus Hagander" <magnus(at)hagander(dot)net>
Cc: "PG Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Client certificate authentication
Date: 2008-11-16 00:00:42
Message-ID: 34d269d40811151600jb0dce03mf5d03f4829bbf59c@mail.gmail.com
Lists: pgsql-hackers

On Thu, Nov 13, 2008 at 05:31, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> Attached patch implements client certificate authentication.
>
> I kept this sitting in my tree without sending it in before the
> commitfest because it is entirely dependent on the
> not-yet-reviewed-and-applied patch for how to configure client
> certificate requesting. But now that I learned how to do it right in
> git, breaking it out was very easy :-) Good learning experience.
>
> Anyway. Here it is. Builds on top of the "clientcert option for pg_hba"
> patch already on the list.

Patch looks good to me and works as described.

Would cncert be a better auth_method name? As later we might have
different types of SSL client cert authentication?

My only concern is there is no way to specify the USER_CERT_FILE for
libpq. So if for example I have two users that I want to use cert
authentication for, I really have to have two users on the system (or I
guess maybe you could fake HOME=... psql -U other_user). Or am I
missing a way around this? (granted this might be a non-issue for now
as you can use trust clientcert=1 in pg_hba.conf with your other
patch?)
