20.12. Certificate Authentication
This authentication method uses SSL client certificates to perform authentication. It is therefore only available for SSL connections. When using this authentication method, the server will require that the client provide a valid, trusted certificate. No password prompt will be sent to the client. The cn
(Common Name) attribute of the certificate will be compared to the requested database user name, and if they match the login will be allowed. User name mapping can be used to allow cn
to be different from the database user name.
The following configuration options are supported for SSL certificate authentication:
map
-
Allows for mapping between system and database user names. See Section 20.2 for details.
It is redundant to use the clientcert
option with cert
authentication because cert
authentication is effectively trust
authentication with clientcert=verify-full
.
© 1996–2021 The PostgreSQL Global Development Group
Licensed under the PostgreSQL License.
https://www.postgresql.org/docs/13/auth-cert.html