entire Distinguished Name (DN) of the certificate.
This option is probably best used in conjunction with a username map.
The comparison is done with the DN in
-
tools.ietf.org/html/rfc2253">RFC 2253+
datatracker.ietf.org/doc/html/rfc2253">RFC 2253 format. To see the DN of a client certificate
in this format, do
Ident authentication, which
relies on an Identification Protocol
- (
tools.ietf.org/html/rfc1413">RFC 1413)+ (
datatracker.ietf.org/doc/html/rfc1413">RFC 1413) service on the client's machine. (On local Unix-socket connections,
this is treated as peer authentication.)
The method scram-sha-256 performs SCRAM-SHA-256
authentication, as described in
-
tools.ietf.org/html/rfc7677">RFC 7677. It+
datatracker.ietf.org/doc/html/rfc7677">RFC 7677. It is a challenge-response scheme that prevents password sniffing on
untrusted connections and supports storing passwords on the server in a
cryptographically hashed form that is thought to be secure.
GSSAPI is an industry-standard protocol
for secure authentication defined in
-
tools.ietf.org/html/rfc2743">RFC 2743.+
datatracker.ietf.org/doc/html/rfc2743">RFC 2743. supports
GSSAPI for authentication,
communications encryption, or both.
The Identification Protocol
is described in
-
tools.ietf.org/html/rfc1413">RFC 1413.+
datatracker.ietf.org/doc/html/rfc1413">RFC 1413. Virtually every Unix-like
operating system ships with an ident server that listens on TCP
port 113 by default. The basic functionality of an ident server
Set to 1 to make the connection between PostgreSQL and the LDAP server
use TLS encryption. This uses the StartTLS
- operation per
tools.ietf.org/html/rfc4513">RFC 4513.+ operation per
datatracker.ietf.org/doc/html/rfc4513">RFC 4513. See also the ldapscheme option for an alternative.
ldapurl
- An
tools.ietf.org/html/rfc4516">RFC 4516+ An
datatracker.ietf.org/doc/html/rfc4516">RFC 4516 LDAP URL. This is an alternative way to write some of the
other LDAP options in a more compact and standard form. The format is
OpenLDAP as the LDAP client library, the
ldapserver setting may be omitted. In that case, a
list of host names and ports is looked up via
-
tools.ietf.org/html/rfc2782">RFC 2782 DNS SRV records.+
datatracker.ietf.org/doc/html/rfc2782">RFC 2782 DNS SRV records. The name _ldap._tcp.DOMAIN is looked up, where
DOMAIN is extracted from ldapbasedn.
the date and time.
PostgreSQL accepts that format on
input, but on output it uses a space rather than T, as shown
above. This is for readability and for consistency with
-
tools.ietf.org/html/rfc3339">RFC 3339 as+
datatracker.ietf.org/doc/html/rfc3339">RFC 3339 as well as some other database systems.
The data type uuid stores Universally Unique Identifiers
- (UUID) as defined by
tools.ietf.org/html/rfc4122">RFC 4122,+ (UUID) as defined by
datatracker.ietf.org/doc/html/rfc4122">RFC 4122, ISO/IEC 9834-8:2005, and related standards.
(Some systems refer to this data type as a globally unique identifier, or
connection parameters. There are two accepted formats for these strings:
plain keyword/value strings
and URIs. URIs generally follow
-
tools.ietf.org/html/rfc3986">RFC+
datatracker.ietf.org/doc/html/rfc3986">RFC 3986, except that multi-host connection strings are allowed
as further described below.
The connection
URI needs to be encoded with
- url="https://tools.ietf.org/html/rfc3986#section-2.1">percent-encoding
+ url="https://datatracker.ietf.org/doc/html/rfc3986#section-2.1">percent-encoding
if it includes symbols with special meaning in any of its parts. Here is
an example where the equal sign (=) is replaced with
%3D and the space character with
LDAP query will be performed. The result must be a list of
keyword = value pairs which will be used to set
connection options. The URL must conform to
-
tools.ietf.org/html/rfc1959">RFC 1959+
datatracker.ietf.org/doc/html/rfc1959">RFC 1959 and be of the form
ldap://[hostname[:port]]/search_base?attribute?search_scope?filter
For backward compatibility with earlier versions of PostgreSQL, the host
IP address is verified in a manner different
- from
tools.ietf.org/html/rfc6125">RFC 6125.+ from
datatracker.ietf.org/doc/html/rfc6125">RFC 6125. The host IP address is always matched against dNSName
SANs as well as iPAddress SANs, and can be matched
against the Common Name attribute if no relevant SANs exist.
The functions here implement the encryption part of the OpenPGP
- (
tools.ietf.org/html/rfc4880">RFC 4880)+ (
datatracker.ietf.org/doc/html/rfc4880">RFC 4880) standard. Supported are both symmetric-key and public-key encryption.
respectively. The frontend might close the connection at this point
if it is dissatisfied with the response. To continue after
G, using the GSSAPI C bindings as discussed in
-
tools.ietf.org/html/rfc2744">RFC 2744+
datatracker.ietf.org/doc/html/rfc2744">RFC 2744 or equivalent, perform a
GSSAPI initialization by
calling gss_init_sec_context() in a loop and sending
the result to the server, starting with an empty input and then with each
The implemented SASL mechanisms at the moment
are SCRAM-SHA-256 and its variant with channel
binding SCRAM-SHA-256-PLUS. They are described in
- detail in
tools.ietf.org/html/rfc7677">RFC 7677- and
tools.ietf.org/html/rfc5802">RFC 5802.+ detail in
datatracker.ietf.org/doc/html/rfc7677">RFC 7677+ and
datatracker.ietf.org/doc/html/rfc5802">RFC 5802.
writes column values separated by commas, applying the quoting
rules described in
-
tools.ietf.org/html/rfc4180">RFC 4180.+
datatracker.ietf.org/doc/html/rfc4180">RFC 4180. This output is compatible with the CSV format of the server's
COPY command.
A header line with column names is generated unless
email does not support all valid email characters as
- defined by
tools.ietf.org/html/rfc5322">RFC 5322.+ defined by
datatracker.ietf.org/doc/html/rfc5322">RFC 5322. Specifically, the only non-alphanumeric characters supported for
email user names are period, dash, and underscore.
shows the functions available to
generate UUIDs.
The relevant standards ITU-T Rec. X.667, ISO/IEC 9834-8:2005, and
-
tools.ietf.org/html/rfc4122">RFC 4122+
datatracker.ietf.org/doc/html/rfc4122">RFC 4122 specify four algorithms for generating UUIDs, identified by the
version numbers 1, 3, 4, and 5. (There is no version 2 algorithm.)
Each of these algorithms could be suitable for a different set of
projects / postgresql.git / commitdiff