| From: | Matheus Alcantara <matheusssilv97(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | SCRAM pass-through authentication for postgres_fdw |
| Date: | 2024-12-04 18:44:51 |
| Message-ID: | 27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
The attached a patch enables SCRAM authentication for postgres_fdw
connections without requiring plain-text password on user mapping
properties.
This is achieved by storing the SCRAM ClientKey and ServerKey obtained
during client authentication with the backend. These keys are then
used to complete the SCRAM exchange between the backend and the fdw
server, eliminating the need to derive them from a stored plain-text
password.
I think that some documentation updates may be necessary for this
change. If so, I plan to submit an updated patch with the relevant
documentation changes in the coming days.
This patch is based on a previous WIP patch from Peter Eisentraut [1]
[1]
https://github.com/petere/postgresql/commit/90009ccd736e99d65c59b9078d14d76fffc2426a
--
Matheus Alcantara
EDB: https://www.enterprisedb.com
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-postgres_fdw-SCRAM-authentication-pass-through.patch | text/plain | 17.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2024-12-04 19:02:08 | Re: Proposal: Role Sandboxing for Secure Impersonation |
| Previous Message | Robert Haas | 2024-12-04 18:01:42 | Re: deferred writing of two-phase state files adds fragility |