entire Distinguished Name (DN) of the certificate.
This option is probably best used in conjunction with a username map.
The comparison is done with the DN in
-
tools.ietf.org/html/rfc2253">RFC 2253+
datatracker.ietf.org/doc/html/rfc2253">RFC 2253 format. To see the DN of a client certificate
in this format, do
Ident authentication, which
relies on an Identification Protocol
- (
tools.ietf.org/html/rfc1413">RFC 1413)+ (
datatracker.ietf.org/doc/html/rfc1413">RFC 1413) service on the client's machine. (On local Unix-socket connections,
this is treated as peer authentication.)
The method scram-sha-256 performs SCRAM-SHA-256
authentication, as described in
-
tools.ietf.org/html/rfc7677">RFC 7677. It+
datatracker.ietf.org/doc/html/rfc7677">RFC 7677. It is a challenge-response scheme that prevents password sniffing on
untrusted connections and supports storing passwords on the server in a
cryptographically hashed form that is thought to be secure.
GSSAPI is an industry-standard protocol
for secure authentication defined in
-
tools.ietf.org/html/rfc2743">RFC 2743.+
datatracker.ietf.org/doc/html/rfc2743">RFC 2743. supports
GSSAPI for authentication,
communications encryption, or both.
The Identification Protocol
is described in
-
tools.ietf.org/html/rfc1413">RFC 1413.+
datatracker.ietf.org/doc/html/rfc1413">RFC 1413. Virtually every Unix-like
operating system ships with an ident server that listens on TCP
port 113 by default. The basic functionality of an ident server
Set to 1 to make the connection between PostgreSQL and the LDAP server
use TLS encryption. This uses the StartTLS
- operation per
tools.ietf.org/html/rfc4513">RFC 4513.+ operation per
datatracker.ietf.org/doc/html/rfc4513">RFC 4513. See also the ldapscheme option for an alternative.
ldapurl
- An
tools.ietf.org/html/rfc4516">RFC 4516+ An
datatracker.ietf.org/doc/html/rfc4516">RFC 4516 LDAP URL. This is an alternative way to write some of the
other LDAP options in a more compact and standard form. The format is
OpenLDAP as the LDAP client library, the
ldapserver setting may be omitted. In that case, a
list of host names and ports is looked up via
-
tools.ietf.org/html/rfc2782">RFC 2782 DNS SRV records.+
datatracker.ietf.org/doc/html/rfc2782">RFC 2782 DNS SRV records. The name _ldap._tcp.DOMAIN is looked up, where
DOMAIN is extracted from ldapbasedn.
the date and time.
PostgreSQL accepts that format on
input, but on output it uses a space rather than T, as shown
above. This is for readability and for consistency with
-
tools.ietf.org/html/rfc3339">RFC 3339 as+
datatracker.ietf.org/doc/html/rfc3339">RFC 3339 as well as some other database systems.
The data type uuid stores Universally Unique Identifiers
- (UUID) as defined by
tools.ietf.org/html/rfc4122">RFC 4122,+ (UUID) as defined by
datatracker.ietf.org/doc/html/rfc4122">RFC 4122, ISO/IEC 9834-8:2005, and related standards.
(Some systems refer to this data type as a globally unique identifier, or
connection parameters. There are two accepted formats for these strings:
plain keyword/value strings
and URIs. URIs generally follow
-
tools.ietf.org/html/rfc3986">RFC+
datatracker.ietf.org/doc/html/rfc3986">RFC 3986, except that multi-host connection strings are allowed
as further described below.
The connection
URI needs to be encoded with
- url="https://tools.ietf.org/html/rfc3986#section-2.1">percent-encoding
+ url="https://datatracker.ietf.org/doc/html/rfc3986#section-2.1">percent-encoding
if it includes symbols with special meaning in any of its parts. Here is
an example where the equal sign (=) is replaced with
%3D and the space character with
LDAP query will be performed. The result must be a list of
keyword = value pairs which will be used to set
connection options. The URL must conform to
-
tools.ietf.org/html/rfc1959">RFC 1959+
datatracker.ietf.org/doc/html/rfc1959">RFC 1959 and be of the form
ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
The functions here implement the encryption part of the OpenPGP
- (
tools.ietf.org/html/rfc4880">RFC 4880)+ (
datatracker.ietf.org/doc/html/rfc4880">RFC 4880) standard. Supported are both symmetric-key and public-key encryption.
respectively. The frontend might close the connection at this point
if it is dissatisfied with the response. To continue after
G, using the GSSAPI C bindings as discussed in
-
tools.ietf.org/html/rfc2744">RFC 2744+
datatracker.ietf.org/doc/html/rfc2744">RFC 2744 or equivalent, perform a
GSSAPI initialization by
calling gss_init_sec_context() in a loop and sending
the result to the server, starting with an empty input and then with each
The implemented SASL mechanisms at the moment
are SCRAM-SHA-256 and its variant with channel
binding SCRAM-SHA-256-PLUS. They are described in
- detail in
tools.ietf.org/html/rfc7677">RFC 7677- and
tools.ietf.org/html/rfc5802">RFC 5802.+ detail in
datatracker.ietf.org/doc/html/rfc7677">RFC 7677+ and
datatracker.ietf.org/doc/html/rfc5802">RFC 5802.
writes column values separated by commas, applying the quoting
rules described in
-
tools.ietf.org/html/rfc4180">RFC 4180.+
datatracker.ietf.org/doc/html/rfc4180">RFC 4180. This output is compatible with the CSV format of the server's
COPY command.
A header line with column names is generated unless
email does not support all valid email characters as
- defined by
tools.ietf.org/html/rfc5322">RFC 5322.+ defined by
datatracker.ietf.org/doc/html/rfc5322">RFC 5322. Specifically, the only non-alphanumeric characters supported for
email user names are period, dash, and underscore.
shows the functions available to
generate UUIDs.
The relevant standards ITU-T Rec. X.667, ISO/IEC 9834-8:2005, and
-
tools.ietf.org/html/rfc4122">RFC 4122+
datatracker.ietf.org/doc/html/rfc4122">RFC 4122 specify four algorithms for generating UUIDs, identified by the
version numbers 1, 3, 4, and 5. (There is no version 2 algorithm.)
Each of these algorithms could be suitable for a different set of
projects / postgresql.git / commitdiff