Greetings,
* Bruce Momjian (bruce@momjian.us) wrote:
> On Wed, Jun 24, 2020 at 09:05:30AM +0000, ROS Didier wrote:
> > I would like to use a Foreign Data Wrapper (FDW) to connect to a HADOOP cluster
> > which uses KERBEROS authentication.
Sadly, not really.
> > is it possible to achieve this ? which FDW should be used ?
>
> Well, I would use the Hadoop FDW:
>
> https://github.com/EnterpriseDB/hdfs_fdw
>
> and it only supports these authentication methods:
>
> Authentication Support
>
> The FDW supports NOSASL and LDAP authentication modes. In order to use
> NOSASL do not specify any OPTIONS while creating user mapping. For LDAP
> username and password must be specified in OPTIONS while creating user mapping.
>
> Not every FDW supports every Postgres server authentication method.
That isn't really the issue here, the problem is really that the GSSAPI
support in PG today doesn't support credential delegation- if it did,
then the HDFS FDW (and the postgres FDW) could be easily extended to
leverage those delegated credentials to connect.
That's been something that's been on my personal todo list of things to
work on but unfortunately I've not, as yet, had time to go implement. I
don't actually think it would be very hard- if someone writes it, I'd
definitely review it.
Thanks,
Stephen