On 1/22/21 2:48 PM, Rob Sargent wrote:

Check out this section:

https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES

"...  the cn (Common Name) in the certificate matches the user name or an applicable mapping."

This section spells out what is needed for the various forms of client cert SSL authentication.


I have specific roles accessing specific schemas via sql which is not schema qualified.


I'm  assuming this is some sort of security. Just wondering if there is provision made for people who know how to do SET search_path or \dn or schema qualify objects?


Honest, I've been reading 18.9 but as you can see it uses CN for host and then 20.12 suggests using CN for role.

Difference between server certificate and client certificate.

To get a handle on this is going to take an outline of what your authentication needs are?



Yes, I'm confused.  As I said in reply to Jeff, I would rather not need to remember to set the search_path, which I can avoid if I login as "role".

I have not seen that conversation and I do not see it in the archive either. Is that off-list, different thread, something else?



--
Adrian Klaver
adrian.kla...@aklaver.com


Reply via email to