Обсуждение: SSL Client Authentication

Поиск
Список
Период
Сортировка

SSL Client Authentication

От
Tim Tassonis
Дата:
Hi List

I'm currently playing with SSL support in PostgreSQL and have a few
questions:


SSL in general seems to work fine, but the client does not seem to
perform any server verification (Hostname or CA). Is suport for this
planned?

Client Authentication seems to work as well, but there seems to be no
mapping done from the Client Cert to a database. So there seems to very
little use of enabling client authentication.

Do plans exist with regard to enhance SSL/TLS support in PostgreSQL?

I think the following would be nice:

- Server Verification possible.
- Passwordless Client Authentication with Userid mapping to Cert DN

Oracle for instance does this like this:


alter user jdoe identified externally as 'cn=jdoe,....'

MySQL does it like this:

grant priv on db1.* to jdoe@'%' REQUIRE SUBJECT '/../CN=jdoe';


Bye
Tim