On 1/22/21 3:54 PM, Adrian Klaver wrote:
On 1/22/21 2:48 PM, Rob Sargent wrote:
Honest, I've been reading 18.9 but as you can see it uses CN for host
and then 20.12 suggests using CN for role.
Difference between server certificate and client certificate.
To get a handle on this is going
On 1/22/21 2:48 PM, Rob Sargent wrote:
Check out this section:
https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
"... the cn (Common Name) in the certificate matches the user name or
an applicable mapping."
This section spells out what is needed for the various forms
Check out this section:
https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
"... the cn (Common Name) in the certificate matches the user name or
an applicable mapping."
This section spells out what is needed for the various forms of client
cert SSL authentication.
On 1/22/21 1:11 PM, Rob Sargent wrote:
Just prior to that quote is
"The cn (Common Name) attribute of the certificate will be compared to
the requested database user name, and if they match the login will be
allowed."
which leads to me to believe I would need a cert per role.
which leads
No, as I really have no idea what:
"In production I hope to name the role with each connection as I want
the search_path set by the connecting role. ..."
means?
My apologies: I rely on the search_path being set according to the role
(--user).
Perhaps what I was missing is that the connec
On 1/22/21 11:49 AM, Rob Sargent wrote:
> Also I'm guessing you have ssl = on in postgresql.conf and server
cert setup.
Sorry, here's a likely explaination from postgresql.conf
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_fil
Thanks guys. I realise it was an odd request. The scenario is I'm building
a mechanism for an application to operate in limited capacity using a
secondary database while the primary database is being upgraded. I'm using
postgres_fdw to sync changes between the primary and secondary databases.
The r
> Also I'm guessing you have ssl = on in postgresql.conf and server cert
setup.
Sorry, here's a likely explaination from postgresql.conf
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-sna
On 1/22/21 11:04 AM, Rob Sargent wrote:
I will need to enforce ssl/tls in my production environment so I thought
I would try setting things up on localhost to see how that went.
Then I noticed that my successful connections from
"/usr/lib/postgresql/12/bin/psql -U postgres -h localhost -P pa
I will need to enforce ssl/tls in my production environment so I thought
I would try setting things up on localhost to see how that went.
Then I noticed that my successful connections from
"/usr/lib/postgresql/12/bin/psql -U postgres -h localhost -P pager=off
postgres" report:
psql (12.
> > Hi all,
> >
> > Im getting this error message when try to restore a database :
> >
> > ERROR: function f_validanumero_cnpj_cpf(character) does not exist
> >
> > LINE 1: SELECT (f_validanumero_cnpj_cpf(trim(cnpj_cpf)::char)=false)
> >
> > ^
> >
> > HINT: No function matches t
Hi
> > I’m getting this error message when try to restore a database :
> > ERROR: function f_validanumero_cnpj_cpf(character) does not exist
> > LINE 1: SELECT (f_validanumero_cnpj_cpf(trim(cnpj_cpf)::char)=false)
> > ^
> > HINT: No function matches the given name and argument t
Failed to copy pgsql-general, post repeated below:
Adrian,
I used your suggestions, fixed the column order, and it worked the
first time for the customer this morning:
hosttestpgdbpgusereee.fff.ggg.1/24password
THANKS!
On 22/01/21, Benedict Holland (benedict.m.holl...@gmail.com) wrote:
> Sometimes it is easier to simply > replicate the existing bad process
> that a team agrees to rather than making > a better process.
As Alvar Aalto said in a lecture at MIT
It is not by temporary building that Parthenon com
Does anyone know if there is an open service broker api for a local PGDG
Postgres installation?
I can only find an osb api for Crunchy Postgres pgo:
https://github.com/CrunchyData/pgo-osb
-Markus
No. Just no. I is fine to make stored procedure changes in a development
environment and deploy them as part of a release. Typically you would want
some sort of change tracking software like alembic or squitch or something
like that. Production databases typically contain a huge amount of data or
d
> -Ursprüngliche Nachricht-
> Von: Laurenz Albe
> Gesendet: Freitag, 15. Januar 2021 17:21
> An: Zwettler Markus (OIZ) ; pgsql-
> gene...@postgresql.org
> Betreff: Re: ldap connection parameter lookup
>
> On Fri, 2021-01-15 at 14:09 +, Zwettler Markus (OIZ) wrote:
> > I want to use ld
On 22/01/21, Benedict Holland (benedict.m.holl...@gmail.com) wrote:
> I mean... the best? You just laid out a bunch of steps to define a process.
>
> > On Thu, Jan 21, 2021 at 11:12 PM sivapostg...@yahoo.com <
> > sivapostg...@yahoo.com> wrote:
> >
> >> So the solution to the issue will be
> >>
>
I mean... the best? You just laid out a bunch of steps to define a process.
I will tell you that this sounds like a bad process and that there are
easier ways to make changes like inside of a transaction or backing up a
database before making changes or creating a table replication job, making
chan
> > If I have made a query on a foreign table (using postgres_fdw), it
> > establishes a connection automatically. Is there any way to
> > disconnect that fdw connection without disconnecting the session that
> > instigated it?
>
> No.
>
> From PostgreSQL v14 on, there is the "idle_session_time
On Fri, 2021-01-22 at 16:03 +1100, Steve Baldwin wrote:
> If I have made a query on a foreign table (using postgres_fdw),
> it establishes a connection automatically. Is there any way to
> disconnect that fdw connection without disconnecting the session
> that instigated it?
No.
>From PostgreS
Hi!
We are using the Partition Manager (pg_partman) in our software, and
to make sure the correct version is installed, our RPM (CentOS 7) has
declared a dependency on the pg_partman12 package.
However, the latest update to the package renames it without a
Provides on the old name, so a "yum
22 matches
Mail list logo
