Home > mailing lists

Re: Allow superuser to grant passwordless connection rights on postgres_fdw - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Allow superuser to grant passwordless connection rights on postgres_fdw
Date	November 1, 2019 19:58:51
Msg-id	CA+TgmoZe-EEvJwtpWu8mW2=exzJ3kHZt1FB=ic01h5X1qNyiZw@mail.gmail.com Whole thread Raw
In response to	Allow superuser to grant passwordless connection rights onpostgres_fdw (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>)
Responses	Re: Allow superuser to grant passwordless connection rights onpostgres_fdw (Andrew Dunstan <andrew.dunstan@2ndquadrant.com>)
List	pgsql-hackers

Tree view

On Thu, Oct 31, 2019 at 4:58 PM Andrew Dunstan
<andrew.dunstan@2ndquadrant.com> wrote:
> This patch allows the superuser to grant passwordless connection rights
> in postgres_fdw user mappings.

This is clearly something that we need, as the current code seems
woefully ignorant of the fact that passwords are not the only
authentication method supported by PostgreSQL, nor even the most
secure.

But, I do wonder a bit if we ought to think harder about the overall
authentication model for FDW. Like, maybe we'd take a different view
of how to solve this particular piece of the problem if we were
thinking about how FDWs could do LDAP authentication, SSL
authentication, credentials forwarding...

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Justin Pryzby
Date: 01 November 2019, 19:58:43
Subject: Re: update ALTER TABLE with ATTACH PARTITION lock mode (docs)

From: Tomas Vondra
Date: 01 November 2019, 19:59:50
Subject: Re: pglz performance

Re: Allow superuser to grant passwordless connection rights on postgres_fdw - Mailing list pgsql-hackers

Previous

Next