On 12/02/2013 03:15 PM, Stephen Frost wrote:
> That isn't at *all* accurate.  Authorization is handled by pg_ident and
> PG's role and grant system.  We are only using OpenSSL's trust of the
> certificate for authentication.

OK, how do I configure Postgres to only allow connections when the
client presents a certificate signed by a particular intermediate CA?

AFAIK, there is currently no way to do this.

-- 
========================================================================
Ian Pilcher                                         arequip...@gmail.com
           Sent from the cloud -- where it's already tomorrow
========================================================================


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to