12th September 2019: PostgreSQL 12 Beta 4 Released!

Feature Description

Multifactor authentication via valid client SSL certificate

If an authentication entry in the pg_hba.conf specifies the "clientcert=verify-full", then the client must present a valid SSL certificate that matches the login name, or the client name based on a map. https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES