[Pkg-postgresql-public] Bug#779683: Bug#779683: postgresql: pg_hba scripts (mis)configures for MD5 authentication

Christoph Berg myon at debian.org
Thu Mar 5 08:58:43 UTC 2015


Re: Stephen Frost 2015-03-04 <20150304145551.GU29780 at tamriel.snowman.net>
> > Just to put the idea out there; PGSQL currently links to OpenSSL for
> > TLS, right? TLS has support for SRP [0] [1]. This could be used for
> > password based authenticated TLS sessions without client certificates.
> > Might be less of a burden on users than deploying PKIX with
> > client-certificates while still providing proper security.
> 
> That's an excellent thought..  I wasn't aware of this.  Unfortunately,
> I'm not sure that we could make it the default in Debian as it requires
> server-side certificates be configured and used properly (correct?) but
> I don't see a reason to not support it and encourage its use.

We have the autogenerated snakeoil certificates that we use anyway.
If these aren't good (why?), we could put more automation in there and
generate proper certificates. That's probably more of a
distribution-wide topic and not just PostgreSQL, though.

Christoph
-- 
cb at df7cb.de | http://www.df7cb.de/