Home > mailing lists

Re: To whom an SSL client crt (postgresql.crt) is issued - Mailing list pgsql-interfaces

From	Tom Lane
Subject	Re: To whom an SSL client crt (postgresql.crt) is issued
Date	December 19, 2005 05:08:15
Msg-id	20253.1134972488@sss.pgh.pa.us Whole thread Raw
In response to	To whom an SSL client crt (postgresql.crt) is issued (k.p.d.lehre@medisin.uio.no)
List	pgsql-interfaces

Tree view

k.p.d.lehre@medisin.uio.no writes:
> The docs do not mention that the client crt has to be issued
> to the user trying to log on. Isn't it a point TO WHOM the client crt is
> issued? Is this the way it is meant to be?

Restricting that would require assumptions-not-in-evidence about
certificate issuers using names that sync with database user names.
But perhaps more to the point, Postgres does not use SSL certificates
as a user authentication mechanism, only as a transport privacy
mechanism.  Using SSL is not sufficient grounds for deciding you
can use "trust" auth mode.
        regards, tom lane

pgsql-interfaces by date:

From: k.p.d.lehre@medisin.uio.no
Date: 19 December 2005, 03:44:19
Subject: To whom an SSL client crt (postgresql.crt) is issued

From: jmadm
Date: 20 December 2005, 18:50:12
Subject: Cursors for update.., we have to port an informix 9.x appication using cursors for update

Re: To whom an SSL client crt (postgresql.crt) is issued - Mailing list pgsql-interfaces

Previous

Next