On Sun, Jun 03, 2007 at 12:21:14AM +0200, Andreas wrote: > Hi, > > I've got it so far: > Server-OS: Debian 3.1 sarge > PostgreSQL: Debian's binary PG 8.1.8 (still the most recent version > available) > > Following a tutorial (actually for OpenVPN as I didn't find any for PG > that goes beyond what is found in the main docu) I created a CA, server > and client certificate, updated postgresql.conf and pg_hba.conf, did a > restart of PG and connected from a windows box with pgAdmin. > NICE :) > > Now as far as I see, even though I have my postgresql.crt+key in place, > I still have to provide username and password, right? Yes. postgresql can check that the client provides valid certificates, you cannot however yet authenticate with certificates. > Can I further check the security of the server? The aim will be to have > the port open to the Internet. Try to connect without SSL? > Is there a documentation, that covers those matters more deeply than > chapter 16.8 and 20.1 of PG's main documentation? > Especially the whole client-side topic is rather thin for a newbie. There's 29.16: http://www.postgresql.org/docs/8.2/interactive/libpq-ssl.html As for CRL, I think that was only added after 8.1. Other than that I don't know. Hope this helps, -- Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to litigate.
Attachment:
signature.asc
Description: Digital signature
