From: Khusro Jaleel
Date: Sat, 07 May 2011 19:03:06 +0100
To: pgsql-docs@postgresql.org
Subject: Re: Error in SSL config documentation?

On 07/05/11 18:46, Magnus Hagander wrote:
> clientcert=1 makes the server request a client certificate - but does
> not use it for authentication. So the client just has to present *any
> valid* client certificate, and can then use whatever other
> authentication method is specified (md5, ldap, etc).

Ah, I see now. When you wrote "clientcert=1" above, that made me realise that I was making a mistake. I was using "clientcert" in the authentication method column, and you can't use it there because it's an "option" to "any other auth method" and not an auth method on its own.

I did read the doc and this was not clear to me at first, so perhaps it could be made clearer?

Thanks for your help,
Khusro
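
The distinction discussed in this message, as an added example that is not part of the original thread or of PostgreSQL itself: a small linter that flags pg_hba.conf records where "clientcert" sits in the method column or where clientcert=1 is set on a non-hostssl record. The function names, the METHODS list and the sample file are assumptions made for illustration.

```python
import ipaddress
import shlex

# Auth method names this sketch accepts (assumption: illustrative, not version-exact).
METHODS = {"trust", "reject", "md5", "password", "gss", "sspi", "krb5",
           "ident", "peer", "pam", "ldap", "radius", "cert"}

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE = """\
# TYPE   DATABASE  USER  ADDRESS                   METHOD  [OPTIONS]
hostssl  all       all   0.0.0.0/0                 clientcert
hostssl  all       all   0.0.0.0/0                 md5     clientcert=1
hostssl  all       all   10.0.0.5 255.255.255.255  md5     clientcert=1
host     all       all   10.0.0.0/8                md5     clientcert=1
hostssl  all       all   0.0.0.0/0                 cert
"""

def method_index(fields):
    """Locate the METHOD column, which moves with the record type and address form."""
    if fields[0] == "local":
        return 3                          # local DATABASE USER METHOD
    try:
        ipaddress.ip_address(fields[3])   # bare IP: the netmask is a separate column
        return 5
    except ValueError:
        return 4                          # CIDR, host name or keyword such as "all"

def check_record(line):
    """Return the findings for one record; an empty list means nothing to report."""
    fields = shlex.split(line, comments=True)   # drops '#' comments
    if not fields:
        return []
    if len(fields) < 4 or len(fields) <= method_index(fields):
        return ["incomplete record"]
    idx = method_index(fields)
    method, options = fields[idx], fields[idx + 1:]
    findings = []
    if method.split("=")[0] == "clientcert":
        findings.append("clientcert is an option; name an auth method before it")
    elif method not in METHODS:
        findings.append(f"unrecognised auth method {method!r}")
    if "clientcert=1" in options and fields[0] != "hostssl":
        findings.append("clientcert=1 only applies to hostssl records")
    return findings

def lint(text):
    """Map 1-based line numbers to findings for every record that has any."""
    report = {n: check_record(l) for n, l in enumerate(text.splitlines(), 1)}
    return {n: f for n, f in report.items() if f}
```

On the sample, line 2 is the mistake described above and line 5 requests a client certificate on a record type that does not use SSL; the "cert" record on line 6 is the separate method that authenticates with the certificate itself.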