| From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
|---|---|
| To: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: what can go in root.crt ? |
| Date: | 2020-05-26 04:35:06 |
| Message-ID: | 5ECC9C7A.5030007@anastigmatix.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 05/26/20 00:07, Isaac Morland wrote:
> What about the SSH model? In the Postgres context, this would basically be
> a table containing authorized certificates for each user. Upon receiving a
> connection attempt, look up the user and the presented certificate and see
> if it is one of the authorized ones. If so, do the usual verification that
> the client really does have the corresponding private key and if so,
> authenticate the connection.
I like the SSH model, but just in case it wasn't clear, I wasn't thinking
about client-cert authentication here, just about conventional verification
by the client of a certificate for the server.
By the same token, there's no reason not to ask the same questions about
the other direction.
Regards,
-Chap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2020-05-26 04:57:27 | Re: PATCH: logical_work_mem and logical streaming of large in-progress transactions |
| Previous Message | Chapman Flack | 2020-05-26 04:31:34 | Re: what can go in root.crt ? |