From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Allow postgres_fdw passwordless non-superuser conns with prior superuser permission |
Date: | 2018-08-08 06:34:23 |
Message-ID: | CA+TgmoYyK99UwEHNigJRgCX0WOVwvrUPOoFQrmCOx=F7vP5NQw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Aug 6, 2018 at 8:52 AM, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
> Currently postgres_fdw cannot be used with 'cert' authentication, i.e.
> client-certificate validation and cert cn => postgres username mapping. You
> also can't use things like Kerberos, SSPI, etc with a superuser-created FDW
> and username map.
>
> To permit this, I'd like to allow postgres_fdw user mappings to be created
> with a new 'permit_passwordless' option. Only the superuser is allowed to
> create such a mapping. If it's set to true, we bypass the
> check_conn_params(...) connection-string password check and the
> connect_pg_server(...) check for the conn using a password when a
> non-superuser establishes a connection.
Note that ab3f008a2dc364cf7fb75de0a691fb0c61586c8e provides some
relief -- if the superuser creates a view, then as of 11, the checks
won't be applied when unprivileged users select from the view.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2018-08-08 06:55:03 | Re: REINDEX and shared catalogs |
Previous Message | Robert Haas | 2018-08-08 06:30:45 | Re: Facility for detecting insecure object naming |