Re: postgres_fdw and Kerberos authentication

From: Jean-Marc Lessard <Jean-Marc(dot)Lessard(at)ultra-ft(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: postgres_fdw and Kerberos authentication
Date: 2016-06-01 16:12:02
Message-ID: 8FC5F25FF3EC4744ADFCF20CBA3F44BE84BE8F60@SRV-CAMTL-EXCH2.Forensictech.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Stephen Frost [sfrost(at)snowman(dot)net] wrote:
> The database owner operating system user has to be trusted, along with any superusers in the database, but if you assume those, then having PG manage the different Kerberos cache files
> (one for each backend which has authenticated via Kerberos and passed through delegation credentials) should work.
> Clearly, we can't give the user control over which credential cache to use.

True, in such a case (single sign on) the user should not specify a user in the user mapping, so that its own Kerberos ticket be used to authenticate.

> Having to trust the OS user and superusers with those credentials isn't any different from using passwords with postgres_fdw.

OS user and superusers, should not have access and allowed to manage the credential files.

For example, in a secure environment with separation of duties at the organization level (tier1, tier3, superuser, sys admins, etc), the tier1 DB users cannot connect onto the DB server (as OS user), but may move data form one database to another.
I agree that tier1 users cannot query the catalog and see other user password, but a superuser can, which is considered a security breach by auditors.
Storing a password in plain text even for a short period of time is unfortunately not authorized.

Thanks!

Jean-Marc Lessard
Administrateur de base de données / Database Administrator
Ultra Electronics Forensic Technology Inc.
T +1 514 489 4247 x4164
www.ultra-forensictechnology.com<http://www.ultra-forensictechnology.com>

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Jim Longwill 2016-06-01 17:16:39 Re: Checkpoint Err on Startup of Rsynced System
Previous Message Jeff Janes 2016-06-01 15:44:41 Re: Checkpoint Err on Startup of Rsynced System