Re: certificate based authorization - Mailing list pgsql-general

From Sebastian - Anton PONOVESCU
Subject Re: certificate based authorization
Date
Msg-id 004801c83323$141a50c0$458019ac@tsd.mrc.alcatel.ro
Whole thread Raw
In response to Re: certificate based authorization  (Bruce Momjian <bruce@momjian.us>)
List pgsql-general
Hello

I did not thought about this. Anyway I think is quite unusable in my
environment. We're talking 50+ server (and in near future 100+ servers)
and 500+ users each of which will be granted access to a small number of
servers (like 2 or 3). So is very easy to say to one server who is
allowed to connect instead of saying the remaining 497 users (actually
certificates) that they are not allowed. And for another server other
different 497 users which are not allowed to connect in order to let in
only the remaining 2 or 3 and so on.

Thank you and best regards,
Sebastian



-----Original Message-----
From: Bruce Momjian [mailto:bruce@momjian.us]
Sent: Friday, November 30, 2007 3:51 AM
To: sebastian.ponovescu@alcatel-lucent.ro
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] certificate based authorization


Sebastian - Anton PONOVESCU wrote:
> Hello
>
> Is there a way to use certificate based authorization with postgresql?
I
> already implemented authentication, but among the people that my CA
> certifies, and which I trust by the way, I want to distinguish to a
> particular server who I grand access and who I don't even if they are
> who they claim they are. And this based only on certificates not user
/
> pass or other mechanisms like LDAP / PAM.

Have you tried adding CRLs?  We support those.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB
http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +


pgsql-general by date:

Previous
From: Robert Treat
Date:
Subject: Re: Postgres WarmStandby using ZFS or Snapshot to create Web DB?
Next
From: "Ragnar Heil"
Date:
Subject: Re: Postgres High Availablity Solution needed for hot-standby and load balancing