Re: Draft of 8.4 beta announcement, please edit

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-advocacy(at)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>
Subject: Re: Draft of 8.4 beta announcement, please edit
Date: 2009-04-11 02:09:02
Message-ID: 200904110209.n3B292T11610@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-advocacy

Peter Eisentraut wrote:
> On Friday 10 April 2009 00:27:20 Magnus Hagander wrote:
> > Peter Eisentraut wrote:
> > > On Thursday 09 April 2009 02:14:44 Josh Berkus wrote:
> > >> * Support SSL certs for authentication
> > >
> > > This is not really new, it's just easier/different/something to use.
> >
> > Using SSL certs for authentication is most definitely new in 8.4.
>
> Client authentication is new. Server authentication is not.

I think this is referring to the 8release note item:

Add <literal>cert</> authentication method to allow user
authentication via <acronym>SSL</> certificates (Magnus)

Previously <acronym>SSL</> certificates could only verify that
the client had access to a certificate, not authenticate a
user.

The details are here:

http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#AUTH-CERT

In summary:

The 'cn' attribute of the certificate will be compared to the
login username, and if they match the login will be allowed.

I have updated the release notes bullet text and draft release
announcement wiki to be:

Support SSL certificates for user authentication

Note the addition of the word "user".

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Browse pgsql-advocacy by date

  From Date Subject
Next Message Peter Eisentraut 2009-04-12 08:55:00 Re: Draft of 8.4 beta announcement, please edit
Previous Message Peter Eisentraut 2009-04-10 19:52:10 Re: Draft of 8.4 beta announcement, please edit