Peter Eisentraut wrote:
> On Friday 10 April 2009 00:27:20 Magnus Hagander wrote:
> > Peter Eisentraut wrote:
> > > On Thursday 09 April 2009 02:14:44 Josh Berkus wrote:
> > >> * Support SSL certs for authentication
> > >
> > > This is not really new, it's just easier/different/something to use.
> >
> > Using SSL certs for authentication is most definitely new in 8.4.
>
> Client authentication is new. Server authentication is not.
I think this is referring to the 8release note item:
Add <literal>cert</> authentication method to allow user
authentication via <acronym>SSL</> certificates (Magnus)
Previously <acronym>SSL</> certificates could only verify that
the client had access to a certificate, not authenticate a
user.
The details are here:
http://developer.postgresql.org/pgdocs/postgres/auth-methods.html#AUTH-CERT
In summary:
The 'cn' attribute of the certificate will be compared to the
login username, and if they match the login will be allowed.
I have updated the release notes bullet text and draft release
announcement wiki to be:
Support SSL certificates for user authentication
Note the addition of the word "user".
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +