> Check out this section:
>
> https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
>
> "... the cn (Common Name) in the certificate matches the user name or
> an applicable mapping."
>
> This section spells out what is needed for the various forms of client
> cert SSL authentication.
>
>>
>> I have specific roles accessing specific schemas via sql which is not
>> schema qualified.
>>
>
> I'm assuming this is some sort of security. Just wondering if there is
> provision made for people who know how to do SET search_path or \dn or
> schema qualify objects?
>
>
Honest, I've been reading 18.9 but as you can see it uses CN for host
and then 20.12 suggests using CN for role.
Yes, I'm confused. As I said in reply to Jeff, I would rather not need
to remember to set the search_path, which I can avoid if I login as "role".
