[pgpool-hackers: 3000] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
Tatsuo Ishii
ishii at sraoss.co.jp
Mon Aug 27 17:26:44 JST 2018
Thanks for the patch.
I assume this is going to be handled in 4.1 development cycle unless
otherwise Usama wants to import into 4.0.
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
From: Jesper Pedersen <jesper.pedersen at redhat.com>
Subject: [pgpool-hackers: 2993] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
Date: Fri, 24 Aug 2018 12:12:12 -0400
Message-ID: <c01c739b-8720-cc93-7f9e-b9fab275de25 at redhat.com>
> Hi,
>
> On 08/23/2018 01:53 PM, Jesper Pedersen wrote:
>> I think we should add a _pgpool_ identifier to the SSL configuration
>> to make it clear that its 2) that is being supported at the moment,
>> like ssl_pgpool_cert and so on. 3) and 4) could be ssl_backend_ based
>> ones.
>>
>
> Here is a start in that direction. I added the documentation for the
> ssl_backend_ settings, but those needs a discussion. They are
>
> * ssl_backend_users_cert_dir
>
> Maybe just a directory structure, like
>
> sslusers/user1/pgpool.key
> sslusers/user1/pgpool.crt
> sslusers/user2/pgpool.key
> sslusers/user2/pgpool.crt
>
> and so on, if option is 'sslusers'.
>
> * ssl_backend_mode
>
> I think we can assume that all connections share their policy. Default
> is require.
>
> * ssl_backend_cert_auth
>
> Certificate authority. Shared by all connections.
>
> * ssl_backend_cert_revoke_list
>
> Certificate revoke list. Shared by all connections.
>
>
> FYI, I havn't looked at the Client to Pgpool-II part yet in detail.
>
> Best regards,
> Jesper
More information about the pgpool-hackers
mailing list