[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-admin
Subject:    Re: Certificate Authentication method question about mapping
From:       Laurenz Albe <laurenz.albe () cybertec ! at>
Date:       2023-09-28 6:10:08
Message-ID: 19f87c6646f3acbf092ae2cea51beb2f0ae4c492.camel () cybertec ! at
[Download RAW message or body]

On Wed, 2023-09-27 at 20:34 -0600, Blake Rich wrote:
> Recently our CA updated their S/MIME certificates.   We've used them for both email \
> as well as certificate authentication with mapping in postgresql.    However our \
> options for certificates ended up shifting to an Organization certificate, where \
> the person's name is no longer the CN of the cert, but rather the CN is the \
> Organization's name.   Is there any way with certificate mapping to use a field \
> other than CN to map to a database user?   I've searched the archives and online \
> and can't find any details indicating any way to do so, but I'm hopeful.    
> Old certs that worked to filter out the first name as the username had
> 
> CN = firstname lastname
> E = firstname.lastname@<org>.<com>
> 
> New certs have  
> 
> 
> CN = <org name>
> E = firstname.lastname@<org>.<com>
> 
> I can't seem to figure out how to look at the E = field or even if it is possible.  \
> Any insight would be greatly appreciated.

I don't think that's possible, short of modifying PostgreSQL.

Yours,
Laurenz Albe


[prev in list] [next in list] [prev in thread] [next in thread]