Re: Usage of the system truststore for SSL certificate validation

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Thomas Berger <thomas(dot)berger(at)1und1(dot)de>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Usage of the system truststore for SSL certificate validation
Date: 2019-09-30 09:13:51
Message-ID: CABUevEx77QsL==kPv-h_oqPCnWn07GH4X42DBxdUJP2Dppeyng@mail.gmail.com
Lists: pgsql-hackers

On Sat, Sep 28, 2019 at 9:59 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:

> On Thu, Sep 19, 2019 at 12:26:27PM -0400, Isaac Morland wrote:
> > If we're going to open this up, can we add an option to say "this key is
> > allowed to log in to this account", SSH style?
> >
> > I like the idea of using keys rather than .pgpass, but I like the ~/.ssh/
> > authorized_keys model and don't like the "set up an entire certificate
> > infrastructure" approach.
>
> This is actually a good question --- why does ssh do it that way and
> Postgres does it another, more like a web server/client. Maybe it is
> because ssh allows the user to create one key pair, and use it for
> several independent servers, while Postgres assumes the client will only
> connect to multiple related servers controlled by the same CA. With the
> Postgres approach, you can change the client certificate with no changes
> on the server, while with the ssh model, changing the client certificate
> requires sending the public key to the ssh server to be added to
> ~/.ssh/authorized_keys.
>

The big difference between the two methods in general is the CA, yes. In the
SSL based method, you have a central authority that says "these keys are
OK" by means of certificates. In the ssh key model, there's an individual
keypair.

It would make no sense to extend the cert model of authentication to
support ssh style keys, IMO. However, it might make perfect sense to add a
separate pure key based login method. And re-using the way ssh handles keys
there would make sense. But the question is, would you really want to
re-use the ssh *keys*? You couldn't do it server-side anyway (PostgreSQL
won't have access to authorized_keys files for other users than itself, as
unlike ssh it doesn't run as root), and since you need a separate keyspace
you probably wouldn't want to use .ssh/identity either.

--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
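The two trust models contrasted in the message above, and Bruce's point about what a client key rotation costs under each, as an added stand-alone example (this is not code from the thread, from libpq or from the PostgreSQL server, and does not model whatever a future "pure key based login method" might look like). In the certificate model the server holds only the CA root and accepts any client cert that chains to it with a CN matching the account (the check PostgreSQL's cert authentication makes by default; here it is just a local comparison). In the authorized-keys model the server holds a per-account list of raw public-key fingerprints and additionally requires the client to sign a server-chosen challenge, a simplified stand-in for SSH public-key authentication (real SSH signs a session-bound blob, not a bare nonce). The account name "alice", the CA name "example-ca" and the challenge bytes are constructed for the example:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template builds either a self-signing CA template or a client-auth leaf template.
func template(cn string, isCA bool, serial int64) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// mustCert signs tmpl with signer under parent (parent == tmpl for a self-signed root).
func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// --- Model 1: certificates. The CA vouches for keys; the server trusts only the root.

// CertLogin is the server side: the client cert must chain to root and its CN must
// equal the account being logged into.
func CertLogin(root, client *x509.Certificate, user string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := client.Verify(x509.VerifyOptions{Roots: pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil && client.Subject.CommonName == user
}

// --- Model 2: authorized keys. The server lists each account's acceptable raw keys.

type AuthorizedKeys map[string][]string // account -> SHA256 fingerprints of SPKI DER

func Fingerprint(pub *ecdsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	sum := sha256.Sum256(der)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

func (ak AuthorizedKeys) Add(user string, pub *ecdsa.PublicKey) {
	ak[user] = append(ak[user], Fingerprint(pub))
}

// KeyLogin: the key must be listed for the account AND the client must prove it
// holds the private key by signing the server's challenge.
func (ak AuthorizedKeys) KeyLogin(user string, pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	listed := false
	for _, fp := range ak[user] {
		listed = listed || fp == Fingerprint(pub)
	}
	h := sha256.Sum256(challenge)
	return listed && ecdsa.VerifyASN1(pub, h[:], sig)
}

func sign(k *ecdsa.PrivateKey, challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	sig, _ := ecdsa.SignASN1(rand.Reader, k, h[:])
	return sig
}

// Result records what each model accepts before and after the client rotates its key.
type Result struct {
	CertOld, CertNewNoServerChange, KeyOld, KeyNewBeforeAdd, KeyNewAfterAdd bool
}

func Demo() Result {
	caKey, old, rotated := newKey(), newKey(), newKey()
	caTmpl := template("example-ca", true, 1) // assumed CA name
	root := mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	challenge := []byte("constructed-nonce-1234") // constructed; a real server draws a random nonce
	var r Result
	// Certificate model: the server configuration (the root) never changes; the CA
	// simply issues a new cert for the rotated key.
	r.CertOld = CertLogin(root, mustCert(template("alice", false, 2), root, &old.PublicKey, caKey), "alice")
	r.CertNewNoServerChange = CertLogin(root, mustCert(template("alice", false, 3), root, &rotated.PublicKey, caKey), "alice")
	// Key model: the rotated key is refused until the server-side list is updated.
	server := AuthorizedKeys{}
	server.Add("alice", &old.PublicKey)
	r.KeyOld = server.KeyLogin("alice", &old.PublicKey, challenge, sign(old, challenge))
	r.KeyNewBeforeAdd = server.KeyLogin("alice", &rotated.PublicKey, challenge, sign(rotated, challenge))
	server.Add("alice", &rotated.PublicKey)
	r.KeyNewAfterAdd = server.KeyLogin("alice", &rotated.PublicKey, challenge, sign(rotated, challenge))
	return r
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Running it shows the asymmetry the thread describes: both new-key logins succeed under the CA model with nothing touched on the server, while the authorized-keys model rejects the rotated key until a server-side entry is added. The fingerprint lookup alone would not be an authentication check (anyone can present a public key), which is why the key model also verifies a signature over the challenge.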
