| From: | Peifeng Qiu <peifengq(at)vmware(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Support kerberos authentication for postgres_fdw |
| Date: | 2021-07-12 11:23:33 |
| Message-ID: | SA1PR05MB8030840E74603B38BC23FBB7A8159@SA1PR05MB8030.namprd05.prod.outlook.com |
| Lists: | pgsql-hackers |

>But in this case, what does Kerberos give over just using a password
>based solution? It adds complexity, but what's the actual gain?

That's due to the policy of some customers. They require all logins to be Kerberos
based and password-less. I suppose this way they don't need to maintain
passwords in each database and the same keytab file may be used in
connections to multiple databases.

If we can do the delegation approach right, it's clearly a superior solution
since keytab file management is also quite a heavy burden.