PostgreSQL Chinese Operations Guide

21.12. Certificate Authentication

This authentication method uses SSL client certificates to perform authentication. It is therefore only available for SSL connections; see Section 19.9.2 for SSL configuration instructions. When using this authentication method, the server will require that the client provide a valid, trusted certificate. No password prompt will be sent to the client. The cn (Common Name) attribute of the certificate will be compared to the requested database user name, and if they match the login will be allowed. User name mapping can be used to allow cn to be different from the database user name.

The following configuration options are supported for SSL certificate authentication:

  • map

    • Allows for mapping between system and database user names. See Section 21.2 for details.
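As an added example (not part of the PostgreSQL documentation), the following Python sketch models the login decision described above: the certificate's cn is compared to the requested database user name, or looked up in a user name map when map is set. The pg_hba.conf line, the pg_ident.conf entries and the function names are constructed for illustration; Python's re module stands in for PostgreSQL's regular-expression engine, and quoted fields and special user names are not handled.

```python
import re

# Constructed sample configuration (an assumption, not from the page).
# pg_hba.conf:   hostssl  all  all  0.0.0.0/0  cert  map=cnmap
PG_IDENT = r"""
# MAPNAME  SYSTEM-USERNAME (certificate cn)  PG-USERNAME
cnmap      alice.example                     alice
cnmap      /^(.*)@ops\.example$              \1
"""

def parse_ident(text):
    """Return (map_name, system_user, pg_user) tuples from pg_ident.conf text."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) == 3:
            entries.append(tuple(fields))
    return entries

def cert_login_allowed(cn, requested_user, entries, map_name=None):
    """Model of the cert method: may a certificate with this cn log in as requested_user?"""
    if map_name is None:
        # No map option: cn must equal the requested database user name.
        return cn == requested_user
    for name, system_user, pg_user in entries:
        if name != map_name:
            continue
        if system_user.startswith("/"):
            # Regular-expression entry: \1 in the PG-USERNAME column is
            # replaced by the first capture group of the match on cn.
            m = re.search(system_user[1:], cn)
            if m is None:
                continue
            target = pg_user
            if "\\1" in target and m.lastindex:
                target = target.replace("\\1", m.group(1))
            if target == requested_user:
                return True
        elif system_user == cn and pg_user == requested_user:
            return True
    return False  # no entry in the named map pairs this cn with this user

ENTRIES = parse_ident(PG_IDENT)
```

Once a map is named, only its entries decide the outcome: a cn that equals the database user name is rejected unless the map also lists that pairing.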

It is redundant to use the clientcert option with cert authentication because cert authentication is effectively trust authentication with clientcert=verify-full.