So, one has to use "cert clientcert=1" and not just "cert" in hba_conf? So "clientcert" is an auth-method option of "cert"? That isn't exactly clear in the hba_conf documentation - https://www.postgresql.org/docs/9.4/static/auth-methods.html#AUTH-CERT . That part of the document doesn't mention what you just said.
On Fri, Jul 15, 2016 at 6:33 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Srikanth Venkatesh <sri...@gmail.com> writes: > > I guess it should mention that setting the parameter to 1 is no longer > > required... and that the default is 1 for "cert". > > In what way is it no longer required? Without that flag set, there's > no insistence on a validated client cert. > > regards, tom lane >
