Home > mailing lists

Re: Postgres_fdw- User Mapping with md5-hashed password - Mailing list pgsql-general

From	Adrian Klaver
Subject	Re: Postgres_fdw- User Mapping with md5-hashed password
Date	April 8 23:33:50
Msg-id	740ba459-94ef-475a-912f-8b1e77e36dd8@aklaver.com Whole thread Raw
In response to	Postgres_fdw- User Mapping with md5-hashed password ("Dirschel, Steve" <steve.dirschel@thomsonreuters.com>)
List	pgsql-general

Tree view

On 4/8/25 13:00, Dirschel, Steve wrote:
> I know I can create user steve_test with password testpassword122 as md5 by doing:
> 
> select 'md5'||md5('testpassword122steve_test');  Returns --> md5eb7e220574bf85096ee99370ad67cbd3
> 
> CREATE USER steve_test WITH  PASSWORD 'md5eb7e220574bf85096ee99370ad67cbd3';
> 
> And then I can login as steve_test with password testpassword122.
> 
> I'm trying to use similar logic when creating a user mapping:
> 
> CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password
'md5eb7e220574bf85096ee99370ad67cbd3');
> 
> When I try and import a foreign schema I get an error:
> 
> ERROR:  could not connect to server "steve_snap0"
> 
> If I create the user mapping with the password:
> 
> CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'testpassword122');
> 
> It works fine.
> 
> Is it not possible to use the same logic for the user mapping password that can be used when creating a user?

A) Short version

    No you can't.

b) Long version

 From here:

CREATE ROLE

https://www.postgresql.org/docs/current/sql-createrole.html

"If the presented password string is already in MD5-encrypted or 
SCRAM-encrypted format, then it is stored as-is regardless of 
password_encryption (since the system cannot decrypt the specified 
encrypted password string, to encrypt it in a different format). This 
allows reloading of encrypted passwords during dump/restore."

Whereas from here:

https://www.postgresql.org/docs/current/postgres-fdw.html

" user mapping, defined with CREATE USER MAPPING, is needed as well to 
identify the role that will be used on the remote server:

CREATE USER MAPPING FOR local_user
         SERVER foreign_server
         OPTIONS (user 'foreign_user', password 'password');
"

In the above you are just supplying values to the connection string not 
actually creating a password as in the first case.



> 
> Thanks in advance.
> This e-mail is for the sole use of the intended recipient and contains information that may be privileged and/or
confidential.If you are not an intended recipient, please notify the sender by return e-mail and delete this e-mail and
anyattachments. Certain required legal entity disclosures can be accessed on our website:
https://www.thomsonreuters.com/en/resources/disclosures.html

-- 
Adrian Klaver
adrian.klaver@aklaver.com

pgsql-general by date:

From: "Dirschel, Steve"
Date: 08 April, 23:00:58
Subject: Postgres_fdw- User Mapping with md5-hashed password

From: Amitabh Kant
Date: 09 April, 04:50:56
Subject: Re: timescaledb vs NULL vs pg_timeseries vs partman + pgcron + pg_ivm

Re: Postgres_fdw- User Mapping with md5-hashed password - Mailing list pgsql-general

Previous

Next