| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | Jim Jones <jim(dot)jones(at)uni-muenster(dot)de> |
| Cc: | Israel Barth Rubio <barthisrael(at)gmail(dot)com>, Jelte Fennema <postgres(at)jeltef(dot)nl>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist |
| Date: | 2023-01-20 19:24:49 |
| Message-ID: | CAAWbhmh_QqCnRVV8ct3gJULReQjWxLTaTBqs+fV7c7FpH0zbew@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jan 20, 2023 at 11:09 AM Jim Jones <jim(dot)jones(at)uni-muenster(dot)de> wrote:
> Well, I am not suggesting to change the current behavior of PostgreSQL in
> that matter. Quite the contrary, I find this feature very convenient,
> specially when you need to deal with many different clusters. What I am
> proposing is rather the possibility to disable it on demand :) I mean,
> in case I do not want libpq to try to authenticate using the certificates
> in `~/.postgresql`.
I think the sslcertmode=disable option that I introduced in [1] solves
this issue too; would it work for your case? That whole patchset is
meant to tackle the general case of the problem you've described.
(Eventually I'd like to teach the server not to ask for a client
certificate if it's not going to use it.)
> I do realize that this patch is a big ask, since probably nobody except
> me "needs it" :D
I'd imagine other people have run into it too; it's just a matter of
how palatable the workarounds were to them. :)
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Karl O. Pinc | 2023-01-20 19:33:46 | Re: Doc: Rework contrib appendix -- informative titles, tweaked sentences |
| Previous Message | Alvaro Herrera | 2023-01-20 19:12:38 | Re: Doc: Rework contrib appendix -- informative titles, tweaked sentences |