Thread: certificate based authorization
Hello
Is there a way to use certificate based authorization with postgresql? I already implemented authentication, but among the people that my CA certifies, and which I trust by the way, I want to distinguish to a particular server who I grant access and who I don't even if they are who they claim they are. And this based only on certificates not user / pass or other mechanisms like LDAP / PAM.
Thank you and best regards,
Sebastian
Sebastian - Anton PONOVESCU wrote:
> Hello
>
> Is there a way to use certificate based authorization with postgresql? I
> already implemented authentication, but among the people that my CA
> certifies, and which I trust by the way, I want to distinguish to a
> particular server who I grant access and who I don't even if they are
> who they claim they are. And this based only on certificates not user /
> pass or other mechanisms like LDAP / PAM.

Have you tried adding CRLs? We support those.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
Hello

I did not think about this. Anyway I think it is quite unusable in my environment. We're talking 50+ servers (and in the near future 100+ servers) and 500+ users, each of which will be granted access to a small number of servers (like 2 or 3). So it is very easy to say to one server who is allowed to connect instead of saying that the remaining 497 users (actually certificates) are not allowed. And for another server, a different 497 users are not allowed to connect in order to let in only the remaining 2 or 3, and so on.

Thank you and best regards,
Sebastian

-----Original Message-----
From: Bruce Momjian [mailto:bruce@momjian.us]
Sent: Friday, November 30, 2007 3:51 AM
To: sebastian.ponovescu@alcatel-lucent.ro
Cc: pgsql-general@postgresql.org
Subject: Re: [GENERAL] certificate based authorization

Sebastian - Anton PONOVESCU wrote:
> Hello
>
> Is there a way to use certificate based authorization with postgresql? I
> already implemented authentication, but among the people that my CA
> certifies, and which I trust by the way, I want to distinguish to a
> particular server who I grant access and who I don't even if they are
> who they claim they are. And this based only on certificates not user /
> pass or other mechanisms like LDAP / PAM.

Have you tried adding CRLs? We support those.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
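
A per-server allow-list of the kind described in the last message, as an added example that is not part of the original thread. It assumes a PostgreSQL release that provides the `cert` authentication method and `pg_ident.conf` user name maps; the map name, certificate CNs and role names are constructed.

```conf
# --- pg_hba.conf on one server (constructed example) ---
# Accept only TLS connections that present a client certificate signed by
# the trusted CA, then require the certificate CN to appear in the map.
# TYPE   DATABASE  USER  ADDRESS      METHOD
hostssl  all       all   0.0.0.0/0    cert map=server_a_access

# --- pg_ident.conf on the same server (constructed example) ---
# Only the CNs listed here may connect. Any other certificate issued by the
# same CA passes TLS verification but matches no map entry and is rejected.
# MAPNAME          SYSTEM-USERNAME   PG-USERNAME
server_a_access    alice.example     alice
server_a_access    bob.example       bob
```

Each server carries its own short map of the 2 or 3 permitted certificates, so nothing has to be listed for the users who are not allowed.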