Re: Successor of MD5 authentication, let's use SCRAM
| От | Robert Haas |
|---|---|
| Тема | Re: Successor of MD5 authentication, let's use SCRAM |
| Дата | |
| Msg-id | CA+TgmoZQe1uGpR65CZLs8ptXEuAokowZ9yQRvffu7juY5cj6KA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Successor of MD5 authentication, let's use SCRAM (Greg Stark <stark@mit.edu>) |
| Список | pgsql-hackers |
On Mon, Oct 22, 2012 at 6:54 PM, Greg Stark <stark@mit.edu> wrote: > I think we can provide a much better warning however. I think we want > something like 'WARNING: Server identity signed by unknown and > untrusted authority "Snakeoil CA"' > > We could go even further: > INFO: Server identity "ACME Debian Machine" certified by "Snakeoil CA" > WARNING: Server identity signed by unknown and untrusted authority "Snakeoil CA" > HINT: Add either the server certificate or the CA certificate to > "/usr/lib/ssl/certs" after verifying the identity and certificate hash > > SSL is notoriously hard to set up, it would go a long way to give the > sysadmin an immediate pointer to what certificates are being used and > where to find or install the CA certs. It might be worth mentioning > the GUC parameter names to control these things too. Yeah, this seems like a nice idea if we can do it. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: