On 1/22/21 2:48 PM, Rob Sargent wrote:
Check out this section:
https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
"... the cn (Common Name) in the certificate matches the user name or
an applicable mapping."
This section spells out what is needed for the various forms of client
cert SSL authentication.
I have specific roles accessing specific schemas via sql which is not
schema qualified.
I'm assuming this is some sort of security. Just wondering if there
is provision made for people who know how to do SET search_path or \dn
or schema qualify objects?
Honest, I've been reading 18.9 but as you can see it uses CN for host
and then 20.12 suggests using CN for role.
Difference between server certificate and client certificate.
To get a handle on this is going to take an outline of what your
authentication needs are?
Yes, I'm confused. As I said in reply to Jeff, I would rather not need
to remember to set the search_path, which I can avoid if I login as "role".
I have not seen that conversation and I do not see it in the archive
either. Is that off-list, different thread, something else?
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
