[pgpool-hackers: 2993] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
Jesper Pedersen
jesper.pedersen at redhat.com
Sat Aug 25 01:12:12 JST 2018
Hi,
On 08/23/2018 01:53 PM, Jesper Pedersen wrote:
> I think we should add a _pgpool_ identifier to the SSL configuration to
> make it clear that it's 2) that is being supported at the moment, like
> ssl_pgpool_cert and so on. 3) and 4) could be ssl_backend_ based ones.
>
Here is a start in that direction. I added the documentation for the
ssl_backend_ settings, but those need a discussion. They are

* ssl_backend_users_cert_dir

  Maybe just a directory structure, like

    sslusers/user1/pgpool.key
    sslusers/user1/pgpool.crt
    sslusers/user2/pgpool.key
    sslusers/user2/pgpool.crt

  and so on, if the option is 'sslusers'.

* ssl_backend_mode

  I think we can assume that all connections share their policy. Default
  is require.

* ssl_backend_cert_auth

  Certificate authority. Shared by all connections.

* ssl_backend_cert_revoke_list

  Certificate revoke list. Shared by all connections.

FYI, I haven't looked at the Client to Pgpool-II part yet in detail.

Best regards,
Jesper
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Rename-ssl_-to-ssl_pgpool_.patch
Type: text/x-patch
Size: 28043 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20180824/fb3fe20a/attachment-0001.bin>
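
The per-user layout proposed above for ssl_backend_users_cert_dir can be audited before it is put into service. The following is an added example, not part of the original message or of Pgpool-II: audit_ssl_users_dir is a hypothetical helper, and the owner-only rule for key files is an assumption about how such a directory should be protected.

```shell
#!/bin/sh
# Audit a per-user certificate directory laid out as in the message:
#   <base>/<user>/pgpool.key
#   <base>/<user>/pgpool.crt
# audit_ssl_users_dir is a hypothetical helper, not a Pgpool-II tool.
# It prints one finding per line and returns 0 when clean, 1 otherwise.
# Usage: audit_ssl_users_dir sslusers
audit_ssl_users_dir() {
    base=$1
    rc=0
    if [ ! -d "$base" ]; then
        echo "MISSING_BASE $base"
        return 1
    fi
    for dir in "$base"/*/; do
        # An unmatched glob stays literal; skip anything that is not a directory.
        [ -d "$dir" ] || continue
        dir=${dir%/}
        user=${dir##*/}
        key=$dir/pgpool.key
        crt=$dir/pgpool.crt
        # Each user needs both halves of the pair.
        if [ ! -f "$crt" ]; then
            echo "NO_CERT $user"
            rc=1
        fi
        if [ ! -f "$key" ]; then
            echo "NO_KEY $user"
            rc=1
            continue
        fi
        # Assumption: private keys must be owner-only. Characters 5-10 of the
        # ls mode string are the group and other permission bits.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "KEY_PERMS $user"
            rc=1
        fi
    done
    return $rc
}
```
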