Re: Allow superuser to grant passwordless connection rights on postgres_fdw

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Allow superuser to grant passwordless connection rights on postgres_fdw
Date: 2019-11-01 16:58:51
Message-ID: CA+TgmoZe-EEvJwtpWu8mW2=exzJ3kHZt1FB=ic01h5X1qNyiZw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Oct 31, 2019 at 4:58 PM Andrew Dunstan
<andrew(dot)dunstan(at)2ndquadrant(dot)com> wrote:
> This patch allows the superuser to grant passwordless connection rights
> in postgres_fdw user mappings.

This is clearly something that we need, as the current code seems
woefully ignorant of the fact that passwords are not the only
authentication method supported by PostgreSQL, nor even the most
secure.

But, I do wonder a bit if we ought to think harder about the overall
authentication model for FDW. Like, maybe we'd take a different view
of how to solve this particular piece of the problem if we were
thinking about how FDWs could do LDAP authentication, SSL
authentication, credentials forwarding...

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tomas Vondra 2019-11-01 16:59:50 Re: pglz performance
Previous Message Justin Pryzby 2019-11-01 16:58:43 Re: update ALTER TABLE with ATTACH PARTITION lock mode (docs)