[pgpool-hackers: 2997] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II

Tatsuo Ishii ishii at sraoss.co.jp
Mon Aug 27 10:50:19 JST 2018


> Hi,
> 
> On 08/23/2018 11:58 PM, Tatsuo Ishii wrote:
>>>> The goal is to have SCRAM-SHA256 with SSL client certificate
>>>> authentication in the entire stack: client <-> pgpool <-> PostgreSQL.
>> I am a little bit confused. In my understanding SSL certificate
>> authentication does not require password authentication including
>> SCRAM auth.
>> 
> 
> It doesn't with
> 
> hostssl all all all cert clientcert=1
> 
> However, I require clients to always use SCRAM in my setup; with /
> without SSL.

You want to do these,

Client <--SSL/SCRAM --> Pgpool-II
Client <--non SSL/SCRAM --> Pgpool-II

but you don't want to do this?

Client <--SSL/SSL Cert auth --> Pgpool-II

But you said:
>>>> The goal is to have SCRAM-SHA256 with SSL client certificate
>>>> authentication in the entire stack: client <-> pgpool <-> PostgreSQL.

So I am confused.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp


More information about the pgpool-hackers mailing list