Thread: Certificate Authentication method question about mapping

Certificate Authentication method question about mapping

From
Blake Rich
Date:
Recently our CA updated their S/MIME certificates.  We've used them for both email as well as certificate authentication with mapping in postgresql.   However our options for certificates ended up shifting to an Organization certificate, where the person's name is no longer the CN of the cert, but rather the CN is the Organization's name.  Is there any way with certificate mapping to use a field other than CN to map to a database user?  I've searched the archives and online and can't find any details indicating any way to do so, but I'm hopeful. 

Old certs that worked to filter out the first name as the username had

CN = firstname lastname
E = firstname.lastname@<org>.<com>

New certs have 

CN = <org name>
E = firstname.lastname@<org>.<com>

I can't seem to figure out how to look at the E = field or even if it is possible.  Any insight would be greatly appreciated.

Thanks!

Blake

Re: Certificate Authentication method question about mapping

From
Laurenz Albe
Date:
On Wed, 2023-09-27 at 20:34 -0600, Blake Rich wrote:
> Recently our CA updated their S/MIME certificates.  We've used them for both email as well as certificate authentication with mapping in postgresql.   However our options for certificates ended up shifting to an Organization certificate, where the person's name is no longer the CN of the cert, but rather the CN is the Organization's name.  Is there any way with certificate mapping to use a field other than CN to map to a database user?  I've searched the archives and online and can't find any details indicating any way to do so, but I'm hopeful.
>
> Old certs that worked to filter out the first name as the username had
>
> CN = firstname lastname
> E = firstname.lastname@<org>.<com>
>
> New certs have 
>
>
> CN = <org name>
> E = firstname.lastname@<org>.<com>
>
> I can't seem to figure out how to look at the E = field or even if it is possible.  Any insight would be greatly appreciated.

I don't think that's possible, short of modifying PostgreSQL.

Yours,
Laurenz Albe