[EMAIL PROTECTED] wrote: > On Sat, Dec 30, 2006 at 06:05:14PM +0100, Martijn van Oosterhout wrote: >> Except tht X.509 is already done (in a sense). The client can supply a >> certificate that the server can check, and vice-versa. You can't link >> this with the postgresql username yet, but I havn't seen any proposals >> about how to do that. > > I suggest associating the SHA-1 fingerprint with the ROLE. I would love > to have this.
I would suggest a map based on the CN. Any org with a centralized PKI infrastructure is likely to assign certs with the userid or other unique identifier in the CN. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq