On 1/22/21 2:48 PM, Rob Sargent wrote:
>
>> Check out this section:
>>
>> https://www.postgresql.org/docs/12/ssl-tcp.html#SSL-CLIENT-CERTIFICATES
>>
>> "... the cn (Common Name) in the certificate matches the user name or
>> an applicable mapping."
>>
>> This section spells out what is needed for the various forms of client
>> cert SSL authentication.
>>
>>>
>>> I have specific roles accessing specific schemas via sql which is not
>>> schema qualified.
>>>
>>
>> I'm assuming this is some sort of security. Just wondering if there
>> is provision made for people who know how to do SET search_path or \dn
>> or schema qualify objects?
>>
>>
> Honest, I've been reading 18.9 but as you can see it uses CN for host
> and then 20.12 suggests using CN for role.
Difference between server certificate and client certificate.
To get a handle on this is going to take an outline of what your
authentication needs are?
>
> Yes, I'm confused. As I said in reply to Jeff, I would rather not need
> to remember to set the search_path, which I can avoid if I login as "role".
I have not seen that conversation and I do not see it in the archive
either. Is that off-list, different thread, something else?
--
Adrian Klaver
adrian.klaver@aklaver.com