Re: Allow postgres_fdw passwordless non-superuser conns with prior superuser permission

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Craig Ringer <craig(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allow postgres_fdw passwordless non-superuser conns with prior superuser permission
Date: 2018-08-06 07:24:50
Message-ID: 1533540290.2780.8.camel@cybertec.at
Lists: pgsql-hackers

Craig Ringer wrote:
> Currently postgres_fdw cannot be used with 'cert' authentication, i.e. client-certificate validation
> and cert cn => postgres username mapping. You also can't use things like Kerberos, SSPI, etc with
> a superuser-created FDW and username map.
>
> To permit this, I'd like to allow postgres_fdw user mappings to be created with a new
> 'permit_passwordless' option. Only the superuser is allowed to create such a mapping.
> If it's set to true, we bypass the check_conn_params(...) connection-string password check
> and the connect_pg_server(...) check for the conn using a password when a non-superuser
> establishes a connection.
>
> This doesn't re-open CVE-2007-6601 because the superuser has to explicitly grant the access.

I have wished for a feature like that before, so +1 on the idea.

ALTER USER MAPPING has to be restricted to superusers as well.

Yours,
Laurenz Albe
