This authentication method uses SSL client certificates to
perform authentication. It is therefore only available for SSL
connections. When using this authentication method, the server
will require that the client provide a valid, trusted
certificate. No password prompt will be sent to the client. The
cn (Common Name) attribute of the
certificate will be compared to the requested database user name,
and if they match the login will be allowed. User name mapping
can be used to allow
cn to be
different from the database user name.
The following configuration options are supported for SSL certificate authentication:
Allows for mapping between system and database user names. See Section 20.2 for details.
specifying certificate authentication, the authentication option
clientcert is assumed to be
1, and it cannot be turned off since
a client certificate is necessary for this method. What the
cert method adds to the basic
clientcert certificate validity test
is a check that the
matches the database user name.
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.