| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jean-Marc Lessard <Jean-Marc(dot)Lessard(at)ultra-ft(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: postgres_fdw and Kerberos authentication |
| Date: | 2016-06-01 03:46:42 |
| Message-ID: | 17978.1464752802@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Jean-Marc Lessard <Jean-Marc(dot)Lessard(at)ultra-ft(dot)com> writes:
> A nice way to meet security requirements would be to provide single sign on support for the postgres_fdw.
> As long as you have defined a user in the source and destination databases, and configure the Kerberos authentication you should be able to use postgres_fdw.
It's not really that easy, because postgres_fdw (like the server in
general) is running as the database-owner operating system user.
How will you associate a Postgres role that's responsible for a
particular connection request with some Kerberos credentials,
while keeping it away from credentials that belong to other roles?
This is certainly something that'd be useful to have, but it's not
clear how to do it in a secure fashion.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | sri harsha | 2016-06-01 04:07:26 | Change in order of criteria - reg |
| Previous Message | Adrian Klaver | 2016-05-31 23:48:48 | Re: Row security policies documentation question |