Re: Support kerberos authentication for postgres_fdw - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Support kerberos authentication for postgres_fdw
Date
Msg-id 2092292.1625838580@sss.pgh.pa.us
Whole thread Raw
In response to Support kerberos authentication for postgres_fdw  (Peifeng Qiu <peifengq@vmware.com>)
Responses Re: Support kerberos authentication for postgres_fdw
List pgsql-hackers
Peifeng Qiu <peifengq@vmware.com> writes:
> I'd like to add kerberos authentication support for postgres_fdw by adding two
> options to user mapping: krb_client_keyfile and gssencmode.

As you note, this'd have to be restricted to superusers, which makes it
seem like a pretty bad idea.  We really don't want to be in a situation
of pushing people to run day-to-day stuff as superuser.  Yeah, having
access to kerberos auth sounds good on the surface, but it seems like
it would be a net loss in security because of that.

Is there some other way?

            regards, tom lane



pgsql-hackers by date:

Previous
From: Masahiko Sawada
Date:
Subject: Re: Transactions involving multiple postgres foreign servers, take 2
Next
From: Amul Sul
Date:
Subject: Re: [CLOBBER_CACHE]Server crashed with segfault 11 while executing clusterdb