On Sun, Nov 27, 2022 at 12:50 AM Dhirendra Singh <dhirendraks@xxxxxxxxx> wrote:
Yes. My question is about the log message.Log message in the postmaster says...FATAL: certificate authentication failed for user "test (S114546)"But certificate authentication should pass because supplied user in the connection request and CN in certificate is same.
"certificate authentication" is the name for the overall process, and that overall process did fail. The specific reason for the failure is given in the server log (but intentionally not passed to the client): 'no match in usermap "mymap"'.
It should fail afterwards with message that user "test (S114546)" does not exist
It can't get far enough to fail for that reason, because the usermap failure squashes it first. If you add a mapping for that non-existent user (or just stop using a map) then you will get an error about the user not existing.