Re: localhost ssl - Mailing list pgsql-general

From Adrian Klaver
Subject Re: localhost ssl
Date
Msg-id 5f8db865-2f0e-6764-f2f0-b344feb42368@aklaver.com
In response to Re: localhost ssl  (Rob Sargent <robjsargent@gmail.com>)
Responses Re: localhost ssl
List pgsql-general
On 1/22/21 11:49 AM, Rob Sargent wrote:
> 
> 
>> > Also I'm guessing you have ssl = on in postgresql.conf and server 
>> cert setup.
> 
> Sorry, here's a likely explanation from postgresql.conf
> 
> ssl = on
> #ssl_ca_file = ''
> 
> ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
> #ssl_crl_file = ''
> 
> ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
> 
> I have no recollection of making those choices (or what I had for 
> breakfast).
> 
>>
>> If you want to enforce SSL then:
>>
>> "
>> hostssl
>>
>>      This record matches connection attempts made using TCP/IP, but 
>> only when the connection is made with SSL encryption.
> 
> Do you have any thoughts on question #2?

No, as I really have no idea what:

"In production I hope to name the role with each connection as I want 
the search_path set by the connecting role. ..."

means?

I would point out this:

https://www.postgresql.org/docs/12/auth-cert.html

"User name mapping can be used to allow cn to be different from the 
database user name."

which leads to this:

https://www.postgresql.org/docs/12/auth-username-maps.html



-- 
Adrian Klaver
adrian.klaver@aklaver.com
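
A configuration sketch of what the two linked documentation pages describe, added here as an example and not taken from the thread or from either poster's setup: `hostssl` records using `cert` authentication, with a user name map so the certificate CN can differ from the database role. The map name `cnmap`, the CNs, the role names and the CA file path are all assumptions.

```conf
# --- postgresql.conf ---
ssl = on
# cert authentication needs a CA to verify client certificates against;
# in the configuration quoted in the thread this setting is commented out.
ssl_ca_file = '/etc/postgresql/root.crt'      # hypothetical path

# --- pg_hba.conf ---
# TYPE    DATABASE  USER  ADDRESS        METHOD
hostssl   all       all   127.0.0.1/32   cert map=cnmap
hostssl   all       all   ::1/128        cert map=cnmap
# With no plain "host" record for these addresses, a TCP connection
# without SSL matches nothing and is rejected.

# --- pg_ident.conf ---
# MAPNAME  SYSTEM-USERNAME  PG-USERNAME
# One certificate (CN=rob.laptop, hypothetical) may connect as either role;
# the role is the one named in the connection request.
cnmap      rob.laptop       rob_app
cnmap      rob.laptop       rob_report
# Regular-expression form: CN "svc-<name>" may connect as role <name>.
cnmap      /^svc-(.*)$      \1
```

Changes to `pg_hba.conf` and `pg_ident.conf` take effect on a reload; a connection whose certificate CN has no matching map entry for the requested role fails authentication.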
