Home > mailing lists

Re: Support kerberos authentication for postgres_fdw - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Support kerberos authentication for postgres_fdw
Date	July 9, 2021 16:49:40
Msg-id	2092292.1625838580@sss.pgh.pa.us Whole thread Raw
In response to	Support kerberos authentication for postgres_fdw (Peifeng Qiu <peifengq@vmware.com>)
Responses	Re: Support kerberos authentication for postgres_fdw (Magnus Hagander <magnus@hagander.net>)
List	pgsql-hackers

Tree view

Peifeng Qiu <peifengq@vmware.com> writes:
> I'd like to add kerberos authentication support for postgres_fdw by adding two
> options to user mapping: krb_client_keyfile and gssencmode.

As you note, this'd have to be restricted to superusers, which makes it
seem like a pretty bad idea.  We really don't want to be in a situation
of pushing people to run day-to-day stuff as superuser.  Yeah, having
access to kerberos auth sounds good on the surface, but it seems like
it would be a net loss in security because of that.

Is there some other way?

            regards, tom lane

pgsql-hackers by date:

From: Masahiko Sawada
Date: 09 July 2021, 16:44:54
Subject: Re: Transactions involving multiple postgres foreign servers, take 2

From: Amul Sul
Date: 09 July 2021, 16:52:53
Subject: Re: [CLOBBER_CACHE]Server crashed with segfault 11 while executing clusterdb

Re: Support kerberos authentication for postgres_fdw - Mailing list pgsql-hackers

Previous

Next