| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Rob Sargent <robjsargent(at)gmail(dot)com>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: certs in connection string |
| Date: | 2021-02-15 15:23:41 |
| Message-ID: | 8adec105140aebabf0814880fd88d3ed8fac8c3e.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sat, 2021-02-13 at 09:57 -0700, Rob Sargent wrote:
> I’m confused, as usual, about using a cert in a connection string. I wish to connect form a
> “middle ware” piece to PG on be half of various clients. Does each client need a corresponding
> cert/key or is the certification intended to say the sending machine is who it says it is
> (thereby needing only one cert)
They can share one certificate.
https://www.postgresql.org/docs/current/auth-cert.html:
When using this authentication method, the server will require that the client provide a valid,
trusted certificate. No password prompt will be sent to the client. The cn (Common Name)
attribute of the certificate will be compared to the requested database user name, and if they
match the login will be allowed.
Yours,
Laurenz Albe
--
Cybertec | https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Laurenz Albe | 2021-02-15 15:31:56 | Re: [LDAPS] Test connection user with ldaps server |
| Previous Message | Fabio Pardi | 2021-02-15 13:11:55 | Re: Why is Postgres only using 8 cores for partitioned count? [Parallel Append] |