Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist
| От | Jacob Champion |
|---|---|
| Тема | Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist |
| Дата | |
| Msg-id | CAAWbhmiYE+fqaZ+LX55fxtWMYMSa8vz9YnD_=cDio-sunTyG2Q@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist (Israel Barth Rubio <barthisrael@gmail.com>) |
| Ответы |
Re: Authentication fails for md5 connections if ~/.postgresql/postgresql.{crt and key} exist
|
| Список | pgsql-hackers |
On Wed, Jan 25, 2023 at 7:47 AM Israel Barth Rubio <barthisrael@gmail.com> wrote: > I imagine more people might have already hit a similar situation too. While the > workaround can seem a bit weird, in my very humble opinion the user/client is > somehow still the one to blame in this case as it is providing the "wrong" file in > a path that is checked by libpq. With that in mind I would be inclined to say it is > an acceptable workaround. I'm not sure how helpful it is to assign "blame" here. I think the requested improvement is reasonable -- it should be possible to override the default for a particular connection, without having to pick a junk value that you hope doesn't match up with an actual file on the disk. > Although both patches achieve a similar goal regarding not sending the > client certificate there is still a slight but in my opinion important difference > between them: sslmode=disable will also disable channel encryption. It > may or may not be acceptable depending on how the connection is between > your client and the server. sslmode=disable isn't used in either of our proposals, though. Unless I'm missing what you mean? --Jacob
В списке pgsql-hackers по дате отправления: