May 2018
Intermediate to advanced
576 pages
30h 25m
English
If the clientcert=1 option is set for a hostssl row in pg_hba.conf, then PostgreSQL accepts only connection requests accompanied by a valid certificate.
The validity of the certificate is checked against certificates present in the root.crt file in the server data directory.
If there is a root.crl file, then the presented certificate is looked for in this file and, if found, is rejected.
After the client certificate is validated and the SSL connection is established, the server proceeds to validate the actual connecting user using whatever authentication method is specified in the corresponding hostssl line.
In the following example, clients from a special address can connect as any user when using an SSL certificate, and they ...