| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | "Dirschel, Steve" <steve(dot)dirschel(at)thomsonreuters(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Postgres_fdw- User Mapping with md5-hashed password |
| Date: | 2025-04-08 20:33:50 |
| Message-ID: | 740ba459-94ef-475a-912f-8b1e77e36dd8@aklaver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 4/8/25 13:00, Dirschel, Steve wrote:
> I know I can create user steve_test with password testpassword122 as md5 by doing:
>
> select 'md5'||md5('testpassword122steve_test'); Returns --> md5eb7e220574bf85096ee99370ad67cbd3
>
> CREATE USER steve_test WITH PASSWORD 'md5eb7e220574bf85096ee99370ad67cbd3';
>
> And then I can login as steve_test with password testpassword122.
>
> I'm trying to use similar logic when creating a user mapping:
>
> CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'md5eb7e220574bf85096ee99370ad67cbd3');
>
> When I try and import a foreign schema I get an error:
>
> ERROR: could not connect to server "steve_snap0"
>
> If I create the user mapping with the password:
>
> CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'testpassword122');
>
> It works fine.
>
> Is it not possible to use the same logic for the user mapping password that can be used when creating a user?
A) Short version
No you can't.
b) Long version
From here:
CREATE ROLE
https://www.postgresql.org/docs/current/sql-createrole.html
"If the presented password string is already in MD5-encrypted or
SCRAM-encrypted format, then it is stored as-is regardless of
password_encryption (since the system cannot decrypt the specified
encrypted password string, to encrypt it in a different format). This
allows reloading of encrypted passwords during dump/restore."
Whereas from here:
https://www.postgresql.org/docs/current/postgres-fdw.html
" user mapping, defined with CREATE USER MAPPING, is needed as well to
identify the role that will be used on the remote server:
CREATE USER MAPPING FOR local_user
SERVER foreign_server
OPTIONS (user 'foreign_user', password 'password');
"
In the above you are just supplying values to the connection string not
actually creating a password as in the first case.
>
> Thanks in advance.
> This e-mail is for the sole use of the intended recipient and contains information that may be privileged and/or confidential. If you are not an intended recipient, please notify the sender by return e-mail and delete this e-mail and any attachments. Certain required legal entity disclosures can be accessed on our website: https://www.thomsonreuters.com/en/resources/disclosures.html
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amitabh Kant | 2025-04-09 01:50:56 | Re: timescaledb vs NULL vs pg_timeseries vs partman + pgcron + pg_ivm |
| Previous Message | Dirschel, Steve | 2025-04-08 20:00:58 | Postgres_fdw- User Mapping with md5-hashed password |