Home > mailing lists

Re: Question about cert authentication method. - Mailing list pgsql-admin

From	Jeff Janes
Subject	Re: Question about cert authentication method.
Date	November 27, 2022 18:15:43
Msg-id	CAMkU=1x3ovChrSkEks9juTM9uWfG3DLGQH+ERWQZn8Av+YDqBg@mail.gmail.com Whole thread Raw
In response to	Re: Question about cert authentication method. (Dhirendra Singh <dhirendraks@gmail.com>)
List	pgsql-admin

Tree view

On Sun, Nov 27, 2022 at 12:50 AM Dhirendra Singh <dhirendraks@gmail.com> wrote:

Yes. My question is about the log message.
Log message in the postmaster says...FATAL: certificate authentication failed for user "test (S114546)"
But certificate authentication should pass because supplied user in the connection request and CN in certificate is same.

"certificate authentication" is the name for the overall process, and that overall process did fail. The specific reason for the failure is given in the server log (but intentionally not passed to the client): 'no match in usermap "mymap"'.

It should fail afterwards with message that user "test (S114546)" does not exist

It can't get far enough to fail for that reason, because the usermap failure squashes it first. If you add a mapping for that non-existent user (or just stop using a map) then you will get an error about the user not existing.

Cheers,

Jeff

pgsql-admin by date:

From: Scott Ribe
Date: 27 November 2022, 16:58:54
Subject: Re: Disable unique constraint in Postgres

From: Ron
Date: 27 November 2022, 21:23:22
Subject: Re: Disable unique constraint in Postgres

Re: Question about cert authentication method. - Mailing list pgsql-admin

Previous

Next