blob: 95506b2ef9a2280b615d60bc9196a2b90ca77633 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>21.12. Certificate Authentication</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="auth-radius.html" title="21.11. RADIUS Authentication" /><link rel="next" href="auth-pam.html" title="21.13. PAM Authentication" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">21.12. Certificate Authentication</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="auth-radius.html" title="21.11. RADIUS Authentication">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="client-authentication.html" title="Chapter 21. Client Authentication">Up</a></td><th width="60%" align="center">Chapter 21. Client Authentication</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 15.5 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="auth-pam.html" title="21.13. PAM Authentication">Next</a></td></tr></table><hr /></div><div class="sect1" id="AUTH-CERT"><div class="titlepage"><div><div><h2 class="title" style="clear: both">21.12. Certificate Authentication</h2></div></div></div><a id="id-1.6.8.19.2" class="indexterm"></a><p>
This authentication method uses SSL client certificates to perform
authentication. It is therefore only available for SSL connections;
see <a class="xref" href="ssl-tcp.html#SSL-OPENSSL-CONFIG" title="19.9.2. OpenSSL Configuration">Section 19.9.2</a> for SSL configuration instructions.
When using this authentication method, the server will require that
the client provide a valid, trusted certificate. No password prompt
will be sent to the client. The <code class="literal">cn</code> (Common Name)
attribute of the certificate
will be compared to the requested database user name, and if they match
the login will be allowed. User name mapping can be used to allow
<code class="literal">cn</code> to be different from the database user name.
</p><p>
The following configuration options are supported for SSL certificate
authentication:
</p><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="literal">map</code></span></dt><dd><p>
Allows for mapping between system and database user names. See
<a class="xref" href="auth-username-maps.html" title="21.2. User Name Maps">Section 21.2</a> for details.
</p></dd></dl></div><p>
</p><p>
It is redundant to use the <code class="literal">clientcert</code> option with
<code class="literal">cert</code> authentication because <code class="literal">cert</code>
authentication is effectively <code class="literal">trust</code> authentication
with <code class="literal">clientcert=verify-full</code>.
</p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="auth-radius.html" title="21.11. RADIUS Authentication">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="client-authentication.html" title="Chapter 21. Client Authentication">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="auth-pam.html" title="21.13. PAM Authentication">Next</a></td></tr><tr><td width="40%" align="left" valign="top">21.11. RADIUS Authentication </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 15.5 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 21.13. PAM Authentication</td></tr></table></div></body></html>
|
