On 05/26/20 00:07, Isaac Morland wrote:

> What about the SSH model? In the Postgres context, this would basically be
> a table containing authorized certificates for each user. Upon receiving a
> connection attempt, look up the user and the presented certificate and see
> if it is one of the authorized ones. If so, do the usual verification that
> the client really does have the corresponding private key and if so,
> authenticate the connection.

I like the SSH model, but just in case it wasn't clear, I wasn't thinking about client-cert authentication here, just about conventional verification by the client of a certificate for the server.

By the same token, there's no reason not to ask the same questions about the other direction.

Regards,
-Chap