Peifeng Qiu <peifengq@vmware.com> writes:
> I'd like to add kerberos authentication support for postgres_fdw by adding two
> options to user mapping: krb_client_keyfile and gssencmode.
As you note, this'd have to be restricted to superusers, which makes it
seem like a pretty bad idea. We really don't want to be in a situation
of pushing people to run day-to-day stuff as superuser. Yeah, having
access to kerberos auth sounds good on the surface, but it seems like
it would be a net loss in security because of that.
Is there some other way?
regards, tom lane