On Thursday 20 September 2007 11:41:00 Tom Lane wrote: > "Albe Laurenz" <laurenz.albe@xxxxxxxxxx> writes: > > Jorge Godoy wrote: > >> Even though one can require connections using only SSL on the > >> server side, I don't see a method (in pg_hba.conf) that > >> would allow clients with SSL certificates. > > > > Nor do I. > > If you mean *require* clients to have certificates, that's not > determined by pg_hba.conf, it's determined by whether you provide > a root.crt file. See > http://www.postgresql.org/docs/8.2/static/ssl-tcp.html Thank you! Complemented with http://www.postgresql.org/docs/8.2/static/libpq-ssl.html this is exactly what we were guessing the OP asked for... I'll have to dig if the libraries I use support that. It would be much more interesting changing certificates once a year than hardcoding passwords on code... -- Jorge Godoy <jgodoy@xxxxxxxxx> ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
