| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Neil Chen <carpenter(dot)nail(dot)cz(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
| Subject: | Re: Proposed patch for key managment |
| Date: | 2020-12-17 19:02:37 |
| Message-ID: | 20201217190237.GH23260@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Dec 14, 2020 at 11:16:18PM -0500, Bruce Momjian wrote:
> On Tue, Dec 15, 2020 at 10:36:56AM +0800, Neil Chen wrote:
> > Since our implementation is not in contrib, I don't think we should put the
> > script there. Maybe we can refer to postgresql.conf.sample?
>
> Uh, the script are 20-60 lines long --- I am attaching them to this
> email. Plus, when we allow user prompting for the SSL passphrase, we
> will have another script, or maybe three mor if people want to use a
> Yubikey to unlock the SSL passphrase.
Here is a run of all four authentication methods, and updated scripts.
I have renamed Yubiki to PIV since the script should work with anY
PIV-enabled deviced, like a CAC.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
| Attachment | Content-Type | Size |
|---|---|---|
| log | text/plain | 9.5 KB |
| pass_aws.sh | application/x-sh | 1.2 KB |
| pass_fd.sh | application/x-sh | 282 bytes |
| pass_piv_nopin.sh | application/x-sh | 1.4 KB |
| pass_piv_pin.sh | application/x-sh | 1.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexander Korotkov | 2020-12-17 19:10:56 | Re: range_agg |
| Previous Message | Pavel Stehule | 2020-12-17 18:59:45 | Re: [HACKERS] [PATCH] Generic type subscripting |