| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | k(dot)p(dot)d(dot)lehre(at)medisin(dot)uio(dot)no |
| Cc: | pgsql-interfaces(at)postgresql(dot)org |
| Subject: | Re: To whom an SSL client crt (postgresql.crt) is issued |
| Date: | 2005-12-19 06:08:08 |
| Message-ID: | 20253.1134972488@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-interfaces |
k(dot)p(dot)d(dot)lehre(at)medisin(dot)uio(dot)no writes:
> The docs do not mention that the client crt has to be issued
> to the user trying to log on. Isn't it a point TO WHOM the client crt is
> issued? Is this the way it is meant to be?
Restricting that would require assumptions-not-in-evidence about
certificate issuers using names that sync with database user names.
But perhaps more to the point, Postgres does not use SSL certificates
as a user authentication mechanism, only as a transport privacy
mechanism. Using SSL is not sufficient grounds for deciding you
can use "trust" auth mode.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jmadm | 2005-12-20 19:46:49 | Cursors for update.., we have to port an informix 9.x appication using cursors for update |
| Previous Message | k.p.d.lehre | 2005-12-18 15:17:06 | To whom an SSL client crt (postgresql.crt) is issued |