[pgpool-hackers: 3016] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
Jesper Pedersen
jesper.pedersen at redhat.com
Thu Aug 30 02:44:09 JST 2018
Hi,
On 08/28/2018 11:47 PM, Tatsuo Ishii wrote:
>> I still think that people will look to secure their entire stack
>> though.
>
> Yeah I think so too. However we are running out time in this
> development cycle.
>
Actually, I'm starting to think that too. I would need support for
clientcert=1 in pool_hba, which is new development too, so def 4.1 for that.
I'll prepare a patch for master based on my patch so far.
>> Currently, there are no certificate based test cases, which causes
>> some problems. Especially with setups where Pgpool-II requires
>> specific certificates installed in the PostgreSQL instance. Maybe add
>> a manual test case, and instructions on how to set it up ?
>
> Since each regression test includes PosgreSQL instances, it should not
> be a problem. You should be able to install certificates to the
> instances while running the test. Today I have added SSL connection
> test (not certificate auth). Maybe that's a good start point for you.
>
Ok - I'll just hard-code a user account then, since the certificate
needs the username in the CommonName field.
Best regards,
Jesper
More information about the pgpool-hackers
mailing list