Re: Allow root ownership of client certificate key - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Allow root ownership of client certificate key
Date
Msg-id 20220301003153.GP10577@tamriel.snowman.net
Whole thread Raw
In response to Re: Allow root ownership of client certificate key  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Allow root ownership of client certificate key
List pgsql-hackers
Greetings,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> David Steele <david@pgmasters.net> writes:
> > Any thoughts on back-patching at least the client portion of this?
> > Probably hard to argue that it's a bug, but it is certainly painful.
>
> I'd be more eager to do that if we had some field complaints
> about it.  Since we don't, my inclination is not to, but I'm
> only -0.1 or so; anybody else want to vote?

This patch was specifically developed in response to field complaints
about it working differently, so there's that.  Currently it's being
worked around in the container environments by copying the key from the
secret that's provided to a temporary space where we can modify the
privileges, but that's pretty terrible.  Would be great to be able to
get rid of that in favor of being able to use it directly.

Thanks,

Stephen

Attachment

pgsql-hackers by date:

Previous
From: "Euler Taveira"
Date:
Subject: Re: logical replication restrictions
Next
From: Masahiko Sawada
Date:
Subject: Re: Showing I/O timings spent reading/writing temp buffers in EXPLAIN