Kyle Bateman <kyle@batemans.org> writes:
> On 10/11/19 1:05 PM, Tom Lane wrote:
>> I agree with Andrew that that's just silly. If you give all your users
>> the same cert then any of them can masquerade as any other. You might
>> as well just tell them to share the same login id.
> In my implementation, I'm not giving the cert to all my users. I'm only
> giving it to the middleware server that manages connections.
> What I hope to accomplish is: Establish a secure, encrypted connection
> to Postgresql from a trusted process, possibly running on another
> machine, whom I trust to tell me which user (within a limited set,
> defined by a role) it would like to connect as. That process does its
> own robust authentication of users before letting them through to the
> database by the username they claim. However, it is still useful to
> connect as different users because my views and functions operate
> differently depending on which user is on the other end of the connection.

Well, you can do that, it's just not cert authentication.

What you might consider is (1) set up an ssl_ca_file, so that the
server only believes client certs traceable to that CA, and (2) require
SSL connections (use "hostssl" entries in pg_hba.conf). Then you
expect that possession of a cert issued by your CA is enough to
authorize connections to the database. But don't use the cert
auth method --- based on what you said here, you might even just
use "trust".

regards, tom lane
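
The setup suggested above only ties access to the CA if the server actually demands a client certificate, which a "hostssl ... trust" line does only when it also carries the clientcert option (verify-ca or verify-full from PostgreSQL 12, clientcert=1 before that). The check below is an added example, not part of the original thread; the sample entries, the database appdb, the role +app_users and the addresses are constructed placeholders.

```python
# Added example: audit pg_hba.conf text for network "trust" entries that do
# not actually depend on a CA-issued client certificate.
AUTH_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
                "sspi", "ident", "peer", "pam", "ldap", "radius", "cert", "bsd"}
NETWORK_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
VERIFYING = {"verify-ca", "verify-full", "1"}  # "1" is the pre-12 spelling


def audit_trust_entries(hba_text):
    """Return (line_number, problem) for each weak network 'trust' rule."""
    findings = []
    for lineno, raw in enumerate(hba_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in NETWORK_TYPES:
            continue  # blank line, comment, "local" entry or include directive
        # The method is the first auth keyword after type/db/user/address;
        # searching for it also copes with the separate "IP mask" address form.
        idx = next((i for i in range(4, len(fields))
                    if fields[i] in AUTH_METHODS), None)
        if idx is None or fields[idx] != "trust":
            continue
        options = dict(o.split("=", 1) for o in fields[idx + 1:] if "=" in o)
        if fields[0] != "hostssl":
            findings.append((lineno, "trust without requiring SSL"))
        elif options.get("clientcert") not in VERIFYING:
            findings.append((lineno, "trust over SSL but no client cert required"))
    return findings


# Constructed sample; database, role and addresses are placeholders.
SAMPLE_HBA = """\
# TYPE   DATABASE USER        ADDRESS        METHOD
local    all      postgres                   peer
host     appdb    +app_users  192.0.2.10/32  trust
hostssl  appdb    +app_users  192.0.2.10/32  trust
hostssl  appdb    +app_users  192.0.2.10/32  trust clientcert=verify-ca
hostssl  appdb    +app_users  192.0.2.10 255.255.255.255 trust clientcert=1
hostssl  appdb    all         0.0.0.0/0      scram-sha-256
"""

if __name__ == "__main__":
    for lineno, problem in audit_trust_entries(SAMPLE_HBA):
        print(f"line {lineno}: {problem}")
```

The "+app_users" user field matches any member of that role, which is how an entry can be limited to the set of users the middleware is allowed to connect as.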