On Thu, Nov 13, 2008 at 05:31, Magnus Hagander <[EMAIL PROTECTED]> wrote: > Attached patch implements client certificate authentication. > > I kept this sitting in my tree without sending it in before the > commitfest because it is entirely dependent on the > not-yet-reviewed-and-applied patch for how to configure client > certificate requesting. But now that I learned how to do it right in > git, breaking it out was very easy :-) Good learning experience. > > Anyway. Here it is. Builds on top of the "clientcert option for pg_hba" > patch already on the list.
Patch looks good to me and works as described. Would cncert be a better auth_method name? As later we might have different types of ssl client cert authentication?? My only concern is there is no way to specify the USER_CERT_FILE for libpq. So if for example I have two users that I want to use cert authentication for I really have to have to users on the system (or i guess maybe you could fake HOME=... psql -U other_user). Or am I missing a way around this? (granted this might be a non-issue for now as you can use trust clientcert=1 in pg_hba.conf with your other patch?) -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers