Re: Kerberos delegation support in libpq and postgres_fdw

Greetings,

* David Christensen (david(at)pgguru(dot)net) wrote:
> Reviewed v8; largely looking good, though I notice this hunk, which may
> arguably be a bug fix, but doesn't appear to be relevant to this specific
> patch, so could probably be debated independently (and if a bug, should
> probably be backpatched):
>
> diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c
> index 4229d2048c..11d41979c6 100644
> --- a/contrib/postgres_fdw/option.c
> +++ b/contrib/postgres_fdw/option.c
> @@ -288,6 +288,9 @@ InitPgFdwOptions(void)
> {"sslcert", UserMappingRelationId, true},
> {"sslkey", UserMappingRelationId, true},
>
> + /* gssencmode is also libpq option, same to above. */
> + {"gssencmode", UserMappingRelationId, true},
> +
> {NULL, InvalidOid, false}
> };

Hmm, yeah, hard to say if that makes sense at a user-mapping level or
not. Agreed that we could have an independent discussion regarding
that and if it should be back-patched, so removed it from this patch.

> That said, should "gssdeleg" be exposed as a user mapping? (This shows up
> in postgresql_fdw; not sure if there are other places that would be
> relevant, like in dblink somewhere as well, just a thought.)

Ah, yeah, that certainly makes sense to have as optional for a user
mapping. dblink doesn't have the distinction between server-level
options and user mapping options (as it doesn't have user mappings at
all really) so it doesn't have something similar.

Updated patch attached.

Thanks!

Stephen