Received: from maia.hub.org (maia-2.hub.org [200.46.204.251])
	by mail.postgresql.org (Postfix) with ESMTP id 5656F1337C2C
	for <pgsql-docs-postgresql.org@mail.postgresql.org>;
	Sat,  7 May 2011 15:10:46 -0300 (ADT)
Received: from mail.postgresql.org ([200.46.204.86])
	by maia.hub.org (mx1.hub.org [200.46.204.251]) (amavisd-maia,
	port 10024) with ESMTP id 93172-01 for
	<pgsql-docs-postgresql.org@mail.postgresql.org>;
	Sat,  7 May 2011 18:10:28 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-pw0-f46.google.com (mail-pw0-f46.google.com
	[209.85.160.46])
	by mail.postgresql.org (Postfix) with ESMTP id F196D1337C84
	for <pgsql-docs@postgresql.org>; Sat,  7 May 2011 15:09:22 -0300 (ADT)
Received: by pwi15 with SMTP id 15so1844495pwi.19
	for <pgsql-docs@postgresql.org>; Sat, 07 May 2011 11:09:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.46.195 with SMTP id x3mr2104366pbm.442.1304791761875; Sat,
	07 May 2011 11:09:21 -0700 (PDT)
Received: by 10.68.64.97 with HTTP; Sat, 7 May 2011 11:09:21 -0700 (PDT)
In-Reply-To: <4DC5895A.5050207@kerneljack.com>
References: <4DC575F6.4060508@kerneljack.com>
	<BANLkTim+=1zT5=4y-ymjAyREvZ5LBX0Fcw@mail.gmail.com>
	<4DC5895A.5050207@kerneljack.com>
Date: Sat, 7 May 2011 20:09:21 +0200
Message-ID: <BANLkTi=YF0_kPCsCnin-op+y-91yzv9BBQ@mail.gmail.com>
Subject: Re: Error in SSL config documentation?
From: Magnus Hagander <magnus@hagander.net>
To: Khusro Jaleel <mailing-lists@kerneljack.com>
Cc: pgsql-docs@postgresql.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: Maia Mailguard 1.0.1
X-Spam-Status: No, hits=-1.9 tagged_above=-5 required=5 tests=BAYES_00=-1.9
X-Spam-Level: 
X-Archive-Number: 201105/30
X-Sequence-Number: 6705

On Sat, May 7, 2011 at 20:03, Khusro Jaleel
<mailing-lists@kerneljack.com> wrote:
> On 07/05/11 18:46, Magnus Hagander wrote:
>
>> clientcert=3D1 makes the server request a client certificate - but does
>> not use it for authentication. So the client just has to present *any
>> valid* client certificate, and can then use whatever other
>> authenticaiton method is specified (md5, ldap, etc).
>
> Ah, I see now. When you wrote "clientcert=3D1" above, that made me realis=
e
> that I was making a mistake. I was using "clientcert" in the authenticati=
on
> method column, and you can't use it there because it's an "option" to "an=
y
> other auth method" and not a auth method on its own.
>
> I did read the doc and this was not clear to me at first, so perhaps it
> could be made clearer?

Probalby, if you got confused. Do you have a suggestion for a better wordin=
g?

--=20
=A0Magnus Hagander
=A0Me: http://www.hagander.net/
=A0Work: http://www.redpill-linpro.com/