On 1/22/21 11:49 AM, Rob Sargent wrote:


> Also I'm guessing you have ssl = on in postgresql.conf and server cert setup.

Sorry, here's a likely explanation from postgresql.conf

ssl = on
#ssl_ca_file = ''

ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''

ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'

I have no recollection of making those choices (or what I had for breakfast).


If you want to enforce SSL then:

"
hostssl

     This record matches connection attempts made using TCP/IP, but only when the connection is made with SSL encryption.

Do you have any thoughts on question #2?

No, as I really have no idea what:

"In production I hope to name the role with each connection as I want the search_path set by the connecting role. ..."

means?

I would point out this:

https://www.postgresql.org/docs/12/auth-cert.html

"User name mapping can be used to allow cn to be different from the database user name."

which leads to this:

https://www.postgresql.org/docs/12/auth-username-maps.html



--
Adrian Klaver
adrian.kla...@aklaver.com
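
An added example, not part of the original message: a small Python check that reads pg_hba.conf text and lists the records that still admit TCP/IP clients without SSL, which is the gap that switching those records to hostssl closes. The sample file contents, the database and role names, and the map name `cnmap` are constructed for illustration.

```python
import shlex

# Authentication methods documented for pg_hba.conf
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
           "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

# Record types that can match a connection made without SSL
REASONS = {
    "host": "matches both SSL and non-SSL connections",
    "hostnossl": "matches only non-SSL connections",
    "hostnogssenc": "matches non-GSSAPI connections, with or without SSL",
}

def audit_hba(text):
    """Return (line_no, record_type, method, reason) for each record that
    lets a TCP/IP client authenticate without SSL."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments
        if not fields or fields[0] not in REASONS:
            continue  # blank line, comment, local socket, hostssl, hostgssenc
        # Fields: type db user address [mask] method [options]; the method
        # is the first known keyword after the address.
        method = next((f for f in fields[4:] if f in METHODS), None)
        if method == "reject":
            continue  # a reject record admits nobody
        findings.append((no, fields[0], method, REASONS[fields[0]]))
    return findings

# Constructed sample, not taken from the thread
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all    postgres                       peer
host    all    all       127.0.0.1/32         md5
hostssl all    all       0.0.0.0/0            cert map=cnmap
host    appdb  app       10.0.0.0  255.0.0.0  scram-sha-256
hostnossl all  all       0.0.0.0/0            reject
"""

if __name__ == "__main__":
    for no, rtype, method, reason in audit_hba(SAMPLE):
        print(f"line {no}: {rtype} ({method}) {reason}; use hostssl to require SSL")
```
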

