Check out this section:
https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
"... the cn (Common Name) in the certificate matches the user name or
an applicable mapping."
This section spells out what is needed for the various forms of client
cert SSL authentication.
I have specific roles accessing specific schemas via sql which is not
schema qualified.
I'm assuming this is some sort of security. Just wondering if there is
provision made for people who know how to do SET search_path or \dn or
schema qualify objects?
Honest, I've been reading 18.9 but as you can see it uses CN for host
and then 20.12 suggests using CN for role.
Yes, I'm confused. As I said in reply to Jeff, I would rather not need
to remember to set the search_path, which I can avoid if I login as "role".
