May 2018
Intermediate to advanced
576 pages
30h 25m
English
It is possible to use the client certificate for two purposes at once: proving that the connecting client is a valid one, and selecting the database user to be used for the connection.
For this, you set the authentication method to cert in the hostssl line:
hostssl all all 0.0.0.0/0 cert
As you can see, the clientcert=1 option used with hostssl to require client certificates is no longer required, being implied by the cert method itself.
When using the cert authentication method, a valid client certificate is required, and the cn (short for, common name) attribute of the certificate will be compared to the requested database username. The login will be allowed only if they match.