On 02/04/2013 04:46 AM, Hari Babu wrote:
On Friday, February 01, 2013 7:53 PM Adrian Klaver wrote:
On 02/01/2013 06:06 AM, Hari Babu wrote:
We tried the approach as suggested by you but still it is not working as shown in the below log (I had enabled logLevel as 1)
keystore passowrd is qwerty
19:26:22.666 (1) PostgreSQL 9.2 JDBC4 (build 1002)
19:26:23.451 (1) Receive Buffer Size is 43808
19:26:23.452 (1) Send Buffer Size is 25386
getConnection returning driver[className=org.postgresql.Driver,org.postgresql.Driver@3f7fa65e]
Connection1 successful! Conn1:org.postgresql.jdbc4.Jdbc4Connection@6baa9f99
null
wrongqwerty
DriverManager.getConnection("jdbc:postgresql://127.0.0.1:15432/postgres")
trying driver[className=sun.jdbc.odbc.JdbcOdbcDriver,sun.jdbc.odbc.JdbcOdbcDriver@3597a37c]
*Driver.connect (jdbc:postgresql://127.0.0.1:15432/postgres)
trying driver[className=org.postgresql.Driver,org.postgresql.Driver@3f7fa65e]
19:26:23.835 (2) PostgreSQL 9.2 JDBC4 (build 1002)
19:26:23.847 (2) Receive Buffer Size is 43808
19:26:23.848 (2) Send Buffer Size is 25386
getConnection returning driver[className=org.postgresql.Driver,org.postgresql.Driver@3f7fa65e]
Connection2 successful! Conn2:org.postgresql.jdbc4.Jdbc4Connection@2e958bb8
Connect OK
There is function as SSL_CTX_SETSESSIONCACHEMODE(ctxt, mode) in C library of SSL.
Can you please let us know if there is some similar function in JSSE also.
Per a previous post, have you verified that pg_hba.conf is set up to
properly handle SSL password connections?
Yes, I have modified the pg_hba.conf as follows to handle the SSL connections.
# IPv4 local connections:
hostssl all all 10.18.0.0/16 cert
This is your entire pg_hba,conf?
If so, note the part about no password prompt below:
http://www.postgresql.org/docs/9.2/interactive/auth-methods.html#AUTH-CERT
"
19.3.10. Certificate Authentication
This authentication method uses SSL client certificates to perform
authentication. It is therefore only available for SSL connections. When
using this authentication method, the server will require that the
client provide a valid certificate. No password prompt will be sent to
the client. The cn (Common Name) attribute of the certificate will be
compared to the requested database user name, and if they match the
login will be allowed. User name mapping can be used to allow cn to be
different from the database user name.
The following configuration options are supported for SSL certificate
authentication:
map
Allows for mapping between system and database user names. See Section
19.2 for details."
I am guessing what you want is:
hostssl all all 10.18.0.0/16 md5
See here for more detail:
http://www.postgresql.org/docs/9.2/interactive/auth-pg-hba-conf.html
In particular:
"The first record with a matching connection type, client address,
requested database, and user name is used to perform authentication.
There is no "fall-through" or "backup": if one record is chosen and the
authentication fails, subsequent records are not considered. If no
record matches, access is denied."
please provide your suggestions.
Regards,
Hari babu.
--
Adrian Klaver
adrian.klaver@xxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
