Обсуждение: Difference between host, hostssl and hostnossl connection type
Hi All,
I am using postgres version 14.
I would like to know what is the difference between host, hostssl and hostnossl connection type.
According to documentation,
host => This record matches connection attempts made using TCP/IP. host records match SSL or non-SSL connection attempts as well as GSSAPI encrypted or non-GSSAPI encrypted connection
attempts.
hostssl => This record matches connection attempts made using TCP/IP, but only when the connection is made with SSL encryption.
hostnossl => This record type has the opposite behavior of hostssl; it only matches connection attempts made over TCP/IP that do not use SSL.
I provided cert authentication method for host type connection. but i get error and postgres does not come up. Following is the error message i get.
LOG: cert authentication is only supported on hostssl connections.
Thanks,
Dhirendra.
On Fri, 2022-11-25 at 10:51 +0530, Dhirendra Singh wrote: > I am using postgres version 14. > I would like to know what is the difference between host, hostssl and hostnossl connection type. > According to documentation, > host => This record matches connection attempts made using TCP/IP. host records match SSL or non-SSL > connection attempts as well as GSSAPI encrypted or non-GSSAPI encrypted connection > attempts. > hostssl => This record matches connection attempts made using TCP/IP, but only when the connection > is made with SSL encryption. > hostnossl => This record type has the opposite behavior of hostssl; it only matches connection > attempts made over TCP/IP that do not use SSL. > > I provided cert authentication method for host type connection. but i get error and postgres > does not come up. Following is the error message i get. > LOG: cert authentication is only supported on hostssl connections. "cert" authentication is authentication with SSL (TLS) certificates. You cannot use that authentication without SSL. That is why you have to use "hostssl". Yours, Laurenz Albe
But if i provide cert authentication in host type and provide certificates then it should work.no ?
Otherwise the documentation is not clear about this limitation.
Thanks,
Dhirendra.
On Fri, Nov 25, 2022 at 12:39 PM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
On Fri, 2022-11-25 at 10:51 +0530, Dhirendra Singh wrote:
> I am using postgres version 14.
> I would like to know what is the difference between host, hostssl and hostnossl connection type.
> According to documentation,
> host => This record matches connection attempts made using TCP/IP. host records match SSL or non-SSL
> connection attempts as well as GSSAPI encrypted or non-GSSAPI encrypted connection
> attempts.
> hostssl => This record matches connection attempts made using TCP/IP, but only when the connection
> is made with SSL encryption.
> hostnossl => This record type has the opposite behavior of hostssl; it only matches connection
> attempts made over TCP/IP that do not use SSL.
>
> I provided cert authentication method for host type connection. but i get error and postgres
> does not come up. Following is the error message i get.
> LOG: cert authentication is only supported on hostssl connections.
"cert" authentication is authentication with SSL (TLS) certificates.
You cannot use that authentication without SSL. That is why you have to use "hostssl".
Yours,
Laurenz Albe
On Fri, 2022-11-25 at 12:57 +0530, Dhirendra Singh wrote: > But if i provide cert authentication in host type and provide certificates then it should work.no ? > Otherwise the documentation is not clear about this limitation. I think that the documentation (https://www.postgresql.org/docs/current/auth-cert.html) is quite clear: > This authentication method uses SSL client certificates to perform authentication. > It is therefore only available for SSL connections. True, it doesn't spell out that you will get an error if you use it with "host", but the error message was clear enough, wasn't it? Yours, Laurenz Albe
yes. The error message was clear.
but by reading the documentation it was not clear to me that it can't be used with host connection type.
Thanks for your time.
On Fri, Nov 25, 2022 at 1:14 PM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
On Fri, 2022-11-25 at 12:57 +0530, Dhirendra Singh wrote:
> But if i provide cert authentication in host type and provide certificates then it should work.no ?
> Otherwise the documentation is not clear about this limitation.
I think that the documentation (https://www.postgresql.org/docs/current/auth-cert.html)
is quite clear:
> This authentication method uses SSL client certificates to perform authentication.
> It is therefore only available for SSL connections.
True, it doesn't spell out that you will get an error if you use it with "host",
but the error message was clear enough, wasn't it?
Yours,
Laurenz Albe