0

I have a postgresql database server running inside a docker container. The connection being attempted uses a client certificate AND a password. But it seems that, when using a sslmode='verify-full' in the connection string and cert clientcert=verify-full in pg_hba.conf, the password is ignored. So, my question is: can I use md5|scram-sha-256 AND clientcert='verify-full' at the same time?

I looked into the following SO question: In PostgreSQL , can certificate authentication and basic authentication(username/password authentication) co-exist at one time?

But, the answers are mixed and I cannot find a definitive answer.

I also tried using md5 clientcert=verify-full in pg_hba.conf but it seemed that the client certificate was ignored. So, I'm thinking that I can only choose one or the other, but I'm not sure.

If you can, provide a reference from an official source.

Mahmoud Mousa Hamad
  • 538
  • 8
  • 21

1 Answers1

0

The top answer seems quite clear to me and the docs are still the best place to see the structure of pg_hba.conf

https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

I suspect where you tried two methods the second one is being treated as options for the first method. Unrecognised options might well be ignored.

Richard Huxton
  • 21,516
  • 3
  • 39
  • 51