Search Postgresql Archives

Re: localhost ssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/22/21 11:49 AM, Rob Sargent wrote:
> Also I'm guessing you have ssl = on in postgresql.conf and server cert setup. 

Sorry, here's a likely explaination from postgresql.conf

ssl = on
#ssl_ca_file = ''

ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''

ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
I have no recollection of making those choices (or what I had for breakfast). 



If you want to enforce SSL then:

"
hostssl
     This record matches connection attempts made using TCP/IP, but only when the connection is made with SSL encryption. 

Do you have any thoughts on question #2?


No, as I really have no idea what:
"In production I hope to name the role with each connection as I want the search_path set by the connecting role. ..." 

means?

I would point out this:

https://www.postgresql.org/docs/12/auth-cert.html
"User name mapping can be used to allow cn to be different from the database user name." 

which leads to this:

https://www.postgresql.org/docs/12/auth-username-maps.html



--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux