Hi Rob,
> On 23. Jan, 2021, at 00:02, Rob Sargent wrote:
>
> I only wish I could set a default database as well, but IMHO that's a failing
> of JDBC as much as postgres.
you can't for a role or a user. You'd have to specify the database in the jdbc
connection string. It's all here:
https://j
Hi Rob,
> On 22. Jan, 2021, at 23:48, Rob Sargent wrote:
>
> Yes, I'm confused. As I said in reply to Jeff, I would rather not need to
> remember to set the search_path, which I can avoid if I login as "role".
I didn't follow the whole discussion, so sorry, to just jump in here.
You don't ne
On 1/22/21 3:54 PM, Adrian Klaver wrote:
On 1/22/21 2:48 PM, Rob Sargent wrote:
Honest, I've been reading 18.9 but as you can see it uses CN for host
and then 20.12 suggests using CN for role.
Difference between server certificate and client certificate.
To get a handle on this is going
On 1/22/21 2:48 PM, Rob Sargent wrote:
Check out this section:
https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
"... the cn (Common Name) in the certificate matches the user name or
an applicable mapping."
This section spells out what is needed for the various forms
Check out this section:
https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
"... the cn (Common Name) in the certificate matches the user name or
an applicable mapping."
This section spells out what is needed for the various forms of client
cert SSL authentication.
On 1/22/21 1:11 PM, Rob Sargent wrote:
Just prior to that quote is
"The cn (Common Name) attribute of the certificate will be compared to
the requested database user name, and if they match the login will be
allowed."
which leads to me to believe I would need a cert per role.
which leads
No, as I really have no idea what:
"In production I hope to name the role with each connection as I want
the search_path set by the connecting role. ..."
means?
My apologies: I rely on the search_path being set according to the role
(--user).
Perhaps what I was missing is that the connec
On 1/22/21 11:49 AM, Rob Sargent wrote:
> Also I'm guessing you have ssl = on in postgresql.conf and server
cert setup.
Sorry, here's a likely explaination from postgresql.conf
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_fil
> Also I'm guessing you have ssl = on in postgresql.conf and server cert
setup.
Sorry, here's a likely explaination from postgresql.conf
ssl = on
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-sna
On 1/22/21 11:04 AM, Rob Sargent wrote:
I will need to enforce ssl/tls in my production environment so I thought
I would try setting things up on localhost to see how that went.
Then I noticed that my successful connections from
"/usr/lib/postgresql/12/bin/psql -U postgres -h localhost -P pa
10 matches
Mail list logo
