| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow postgres_fdw passwordless non-superuser conns with prior superuser permission |
| Date: | 2018-08-08 06:34:23 |
| Message-ID: | CA+TgmoYyK99UwEHNigJRgCX0WOVwvrUPOoFQrmCOx=F7vP5NQw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Aug 6, 2018 at 8:52 AM, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
> Currently postgres_fdw cannot be used with 'cert' authentication, i.e.
> client-certificate validation and cert cn => postgres username mapping. You
> also can't use things like Kerberos, SSPI, etc with a superuser-created FDW
> and username map.
>
> To permit this, I'd like to allow postgres_fdw user mappings to be created
> with a new 'permit_passwordless' option. Only the superuser is allowed to
> create such a mapping. If it's set to true, we bypass the
> check_conn_params(...) connection-string password check and the
> connect_pg_server(...) check for the conn using a password when a
> non-superuser establishes a connection.
Note that ab3f008a2dc364cf7fb75de0a691fb0c61586c8e provides some
relief -- if the superuser creates a view, then as of 11, the checks
won't be applied when unprivileged users select from the view.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2018-08-08 06:55:03 | Re: REINDEX and shared catalogs |
| Previous Message | Robert Haas | 2018-08-08 06:30:45 | Re: Facility for detecting insecure object naming |