Re: localhost ssl

On 1/22/21 2:48 PM, Rob Sargent wrote:
> 
>> Check out this section:
>>
>> https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
>>
>> "...  the cn (Common Name) in the certificate matches the user name or 
>> an applicable mapping."
>>
>> This section spells out what is needed for the various forms of client 
>> cert SSL authentication.
>>
>>>
>>> I have specific roles accessing specific schemas via sql which is not 
>>> schema qualified.
>>>
>>
>> I'm  assuming this is some sort of security. Just wondering if there 
>> is provision made for people who know how to do SET search_path or \dn 
>> or schema qualify objects?
>>
>>
> Honest, I've been reading 18.9 but as you can see it uses CN for host 
> and then 20.12 suggests using CN for role.

Difference between server certificate and client certificate.

To get a handle on this is going to take an outline of what your 
authentication needs are?


> 
> Yes, I'm confused.  As I said in reply to Jeff, I would rather not need 
> to remember to set the search_path, which I can avoid if I login as "role".

I have not seen that conversation and I do not see it in the archive 
either. Is that off-list, different thread, something else?



-- 
Adrian Klaver
adrian.klaver@aklaver.com