Home > mailing lists

Re: hba_conf hostssl clientcert=1 no longer required in 9.4 - Mailing list pgsql-docs

From	Srikanth Venkatesh
Subject	Re: hba_conf hostssl clientcert=1 no longer required in 9.4
Date	July 20, 2016 00:18:27
Msg-id	CAOwxV4ojDe5VJ3V517J2egTMNUy+UHDuK5TfV+Kqkw9mADWNSw@mail.gmail.com Whole thread Raw
In response to	Re: hba_conf hostssl clientcert=1 no longer required in 9.4 (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-docs

Tree view

So, one has to use "cert clientcert=1" and not just "cert" in hba_conf? So "clientcert" is an auth-method option of "cert"? That isn't exactly clear in the hba_conf documentation - https://www.postgresql.org/docs/9.4/static/auth-methods.html#AUTH-CERT . That part of the document doesn't mention what you just said.

On Fri, Jul 15, 2016 at 6:33 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Srikanth Venkatesh <srix55@gmail.com> writes:
> I guess it should mention that setting the parameter to 1 is no longer
> required... and that the default is 1 for "cert".

In what way is it no longer required? Without that flag set, there's
no insistence on a validated client cert.

regards, tom lane

pgsql-docs by date:

From: Alexander Law
Date: 19 July 2016, 21:16:03
Subject: 'Do not not' in pg_receivexlog.sgml and pg_recvlogical.sgml

From: Magnus Hagander
Date: 20 July 2016, 11:43:49
Subject: Re: 'Do not not' in pg_receivexlog.sgml and pg_recvlogical.sgml

Re: hba_conf hostssl clientcert=1 no longer required in 9.4 - Mailing list pgsql-docs

Previous

Next