postgres_fdw is a great feature, but several organizations disallow to hold any kind of passwords as plain text.
Providing the superuser role is not either an option.
A nice way to meet security requirements would be to provide single sign on support for the postgres_fdw.
As long as you have defined a user in the source and destination databases, and configure the Kerberos authentication you should be able to use postgres_fdw.
I tried without success as follow:
jml@dcx1-005-jml =# CREATE SERVER "dcx1-006-jml" FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'dcx1-006-jml', dbname 'ibis');
jml@dcx1-005-jml =# CREATE USER MAPPING FOR CURRENT_USER SERVER "dcx1-006-jml" OPTIONS (user 'jml');
jml@dcx1-005-jml =# IMPORT FOREIGN SCHEMA ibisl0 FROM SERVER "dcx1-006-jml" INTO "dcx1-006-jml";
ERROR: could not connect to server "dcx1-006-jml"
DETAIL: FATAL: SSPI authentication failed for user "jml"
Am I doing something wrong or postgres_fdw does not support Kerberos authentication?
Is there any plan to support Kerberos authentication?
Jean-Marc Lessard
Administrateur de base de données / Database Administrator
Ultra Electronics Forensic Technology Inc.
T +1 514 489 4247 x4164
www.ultra-forensictechnology.com
