Re: Kerberos delegation support in libpq and postgres_fdw

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: David Christensen <david(at)pgguru(dot)net>
Cc: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Kerberos delegation support in libpq and postgres_fdw
Date: 2023-04-07 21:48:46
Message-ID: ZDCPvofV3t/
Lists: pgsql-hackers


* David Christensen (david(at)pgguru(dot)net) wrote:
> Reviewed v8; largely looking good, though I notice this hunk, which may
> arguably be a bug fix, but doesn't appear to be relevant to this specific
> patch, so could probably be debated independently (and if a bug, should
> probably be backpatched):
> diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c
> index 4229d2048c..11d41979c6 100644
> --- a/contrib/postgres_fdw/option.c
> +++ b/contrib/postgres_fdw/option.c
> @@ -288,6 +288,9 @@ InitPgFdwOptions(void)
> {"sslcert", UserMappingRelationId, true},
> {"sslkey", UserMappingRelationId, true},
> + /* gssencmode is also libpq option, same to above. */
> + {"gssencmode", UserMappingRelationId, true},
> +
> {NULL, InvalidOid, false}
> };
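
Review bot: The comment on the added "gssencmode" entry says only "same to above", which does not tell the reader what it is the same as or why the option is registered under UserMappingRelationId rather than at the server level. Reword it to state the reason, for example that it is a libpq option accepted in user mappings like sslcert and sslkey. Since the entry concerns GSS encryption mode rather than delegation, it also reads better as a separate patch with its own justification.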

Hmm, yeah, hard to say if that makes sense at a user-mapping level or
not. Agreed that we could have an independent discussion regarding
that and if it should be back-patched, so removed it from this patch.

> That said, should "gssdeleg" be exposed as a user mapping? (This shows up
> in postgresql_fdw; not sure if there are other places that would be
> relevant, like in dblink somewhere as well, just a thought.)

Ah, yeah, that certainly makes sense to have as optional for a user
mapping. dblink doesn't have the distinction between server-level
options and user mapping options (as it doesn't have user mappings at
all really) so it doesn't have something similar.

Updated patch attached.



Attachment Content-Type Size
gss_delegation_v9.patch text/x-diff 73.9 KB
