mark@mark.mielke.cc wrote:
> On Sat, Dec 30, 2006 at 06:05:14PM +0100, Martijn van Oosterhout wrote:
>> Except tht X.509 is already done (in a sense). The client can supply a
>> certificate that the server can check, and vice-versa. You can't link
>> this with the postgresql username yet, but I havn't seen any proposals
>> about how to do that.
>
> I suggest associating the SHA-1 fingerprint with the ROLE. I would love
> to have this.
I would suggest a map based on the CN. Any org with a centralized PKI
infrastructure is likely to assign certs with the userid or other unique
identifier in the CN.
//Magnus