[pgpool-hackers: 3016] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II

[Jesper Pedersen]

Hi,

On 08/28/2018 11:47 PM, Tatsuo Ishii wrote:
>> I still think that people will look to secure their entire stack
>> though.
> 
> Yeah I think so too. However we are running out time in this
> development cycle.
>

Actually, I'm starting to think that too. I would need support for 
clientcert=1 in pool_hba, which is new development too, so def 4.1 for that.

I'll prepare a patch for master based on my patch so far.

>> Currently, there are no certificate based test cases, which causes
>> some problems. Especially with setups where Pgpool-II requires
>> specific certificates installed in the PostgreSQL instance. Maybe add
>> a manual test case, and instructions on how to set it up ?
> 
> Since each regression test includes PosgreSQL instances, it should not
> be a problem. You should be able to install certificates to the
> instances while running the test. Today I have added SSL connection
> test (not certificate auth). Maybe that's a good start point for you.
> 

Ok - I'll just hard-code a user account then, since the certificate 
needs the username in the CommonName field.

Best regards,
  Jesper