Re: PGPool and replication enforcement On "multi-master"
| От | Chris Travers |
|---|---|
| Тема | Re: PGPool and replication enforcement On "multi-master" |
| Дата | |
| Msg-id | 435552CD.6060501@metatrontech.com обсуждение исходный текст |
| Ответ на | Re: On "multi-master" (Andrew Sullivan <ajs@crankycanuck.ca>) |
| Список | pgsql-general |
Andrew Sullivan wrote: >On Sat, Oct 15, 2005 at 06:04:54PM -0700, Chris Travers wrote: > > >>Out of curiosity, what is wrong with requiring client SSL certs to >>access the system and only issuing them to the PGPool system (or using a >>different CA if you need to issue client certs to the end users)? This >> >> > >Hmm, I like this, although client SSL certs still didn't work with >JDBC last I checked, so it won't solve all the problems. But you're >right, this would mostly solve the problem I was thinking of, >provided it was described correctly to the (mostly-clueless) >technology rule-producers. > Oops. I guess PgPool doesn't support SSL connections to backend servers. Too bad :-( This would have been a really nice elegant solution to this problem. It looks like PgCluster may support SSL, I am not sure.... The problem is that one needs some way of authenticating the client not just the user. SSL would work for that. I can't think of any other way to authenticate the client while still allowing one to authenticate the user afterwards... And I doubt that it is possible to use Kerberos to authenticate the daemon as well as the end user... Best Wishes, Chris Travers Metatron Technology Consulting
Вложения
В списке pgsql-general по дате отправления: