From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Superuser can permit passwordless connections on postgres_fdw |
Date: | 2019-12-20 05:55:10 |
Message-ID: | E1iiBFm-0001RN-N2@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers pgsql-hackers |
Superuser can permit passwordless connections on postgres_fdw
Currently postgres_fdw doesn't permit a non-superuser to connect to a
foreign server without specifying a password, or to use an
authentication mechanism that doesn't use the password. This is to avoid
using the settings and identity of the user running Postgres.
However, this doesn't make sense for all authentication methods. We
therefore allow a superuser to set "password_required 'false'" for user
mappings for the postgres_fdw. The superuser must ensure that the
foreign server won't try to rely solely on the server identity (e.g.
trust, peer, ident) or use an authentication mechanism that relies on the
password settings (e.g. md5, scram-sha-256).
This feature is a prelude to better support for sslcert and sslkey
settings in user mappings.
Author: Craig Ringer.
Discussion: https://postgr.es/m/075135da-545c-f958-fed0-5dcb462d6dae@2ndQuadrant.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/6136e94dcb88c50b6156aa646746565400e373d4
Modified Files
--------------
contrib/postgres_fdw/connection.c | 42 +++++++++---
contrib/postgres_fdw/expected/postgres_fdw.out | 94 ++++++++++++++++++++++++++
contrib/postgres_fdw/option.c | 19 ++++++
contrib/postgres_fdw/sql/postgres_fdw.sql | 86 +++++++++++++++++++++++
doc/src/sgml/postgres-fdw.sgml | 24 +++++++
5 files changed, 257 insertions(+), 8 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2019-12-20 07:22:27 | pgsql: Fix compiler warnings on MSYS2 |
Previous Message | Robert Haas | 2019-12-19 19:56:38 | pgsql: Extend the ProcSignal mechanism to support barriers. |
From | Date | Subject | |
---|---|---|---|
Next Message | Masahiko Sawada | 2019-12-20 06:17:08 | Re: PATCH: logical_work_mem and logical streaming of large in-progress transactions |
Previous Message | Simon Riggs | 2019-12-20 05:46:43 | Re: Optimizing TransactionIdIsCurrentTransactionId() |