| From: | Jean-Marc Lessard <Jean-Marc(dot)Lessard(at)ultra-ft(dot)com> |
|---|---|
| To: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | postgres_fdw and Kerberos authentication |
| Date: | 2016-05-31 19:42:56 |
| Message-ID: | 8FC5F25FF3EC4744ADFCF20CBA3F44BE84BE8DEE@SRV-CAMTL-EXCH2.Forensictech.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
postgres_fdw is a great feature, but several organizations disallow to hold any kind of passwords as plain text.
Providing the superuser role is not either an option.
A nice way to meet security requirements would be to provide single sign on support for the postgres_fdw.
As long as you have defined a user in the source and destination databases, and configure the Kerberos authentication you should be able to use postgres_fdw.
I tried without success as follow:
jml(at)dcx1-005-jml =# CREATE SERVER "dcx1-006-jml" FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'dcx1-006-jml', dbname 'ibis');
jml(at)dcx1-005-jml =# CREATE USER MAPPING FOR CURRENT_USER SERVER "dcx1-006-jml" OPTIONS (user 'jml');
jml(at)dcx1-005-jml =# IMPORT FOREIGN SCHEMA ibisl0 FROM SERVER "dcx1-006-jml" INTO "dcx1-006-jml";
ERROR: could not connect to server "dcx1-006-jml"
DETAIL: FATAL: SSPI authentication failed for user "jml"
Am I doing something wrong or postgres_fdw does not support Kerberos authentication?
Is there any plan to support Kerberos authentication?
Jean-Marc Lessard
Administrateur de base de donn?es / Database Administrator
Ultra Electronics Forensic Technology Inc.
T +1 514 489 4247 x4164
www.ultra-forensictechnology.com<http://www.ultra-forensictechnology.com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joseph Kregloh | 2016-05-31 19:58:59 | Log Shipping |
| Previous Message | Scott Mead | 2016-05-31 18:50:13 | Re: Checkpoint Err on Startup of Rsynced System |