Jim Nasby wrote:
On 11/6/15 8:01 AM, Mark Morgan Lloyd wrote:
Purely out of curiosity, is there any way of using some sort of "web of
trust" (comparable with GPG or whatever) when verifying server and
client certificates, rather than going back to a centralised CA?
My apologies if this is a silly question, or if there are fundamental
reasons why such a thing would be inappropriate. My scenario is that I'm
looking at multiple PostgreSQL servers (with supporting custom software)
arranged (approximately) as a tree, with nodes sending notifications to
their peers as they see changes. I want to make it as easy as possible
to set up a new server and get it cooperating with the rest, and some
sort of WoT might be plausible rather than having to wait for the root
administrator to send keys over a secure channel.
Postgres does support PAM, so you might be able to craft such a solution
using that along with something that support WoT (like GPG).
Thanks for that Jim, very interesting suggestion.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
