Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist
Date
Msg-id CAAWbhmh_QqCnRVV8ct3gJULReQjWxLTaTBqs+fV7c7FpH0zbew@mail.gmail.com
Whole thread Raw
In response to Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist  (Jim Jones <jim.jones@uni-muenster.de>)
Responses Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist
List pgsql-hackers
On Fri, Jan 20, 2023 at 11:09 AM Jim Jones <jim.jones@uni-muenster.de> wrote:
> Well, I am not suggesting to change the current behavior of PostgreSQL in
> that matter. Quite the contrary, I find this feature very convenient,
> specially when you need to deal with many different clusters. What I am
> proposing is rather the possibility to disable it on demand :) I mean,
> in case I do not want libpq to try to authenticate using the certificates
> in `~/.postgresql`.

I think the sslcertmode=disable option that I introduced in [1] solves
this issue too; would it work for your case? That whole patchset is
meant to tackle the general case of the problem you've described.

(Eventually I'd like to teach the server not to ask for a client
certificate if it's not going to use it.)

> I do realize that this patch is a big ask, since probably nobody except
> me "needs it" :D

I'd imagine other people have run into it too; it's just a matter of
how palatable the workarounds were to them. :)

--Jacob

[1]
https://www.postgresql.org/message-id/flat/CAAWbhmi4V9zEAvfUSCDFx1pOr3ZWrV9fuxkv_2maRqvyc-m9PQ%40mail.gmail.com#199c1f49fbefa6be401db35f5cfa7742



pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: Doc: Rework contrib appendix -- informative titles, tweaked sentences
Next
From: "Karl O. Pinc"
Date:
Subject: Re: Doc: Rework contrib appendix -- informative titles, tweaked sentences