Home > mailing lists

Re: dblink: Add SCRAM pass-through authentication - Mailing list pgsql-hackers

From	Jacob Champion
Subject	Re: dblink: Add SCRAM pass-through authentication
Date	March 7 00:58:55
Msg-id	CAOYmi+kLUU8UtnDRaRevmjd4QADoD=dAS87vwvUFi50TmvX6DQ@mail.gmail.com Whole thread Raw
In response to	Re: dblink: Add SCRAM pass-through authentication (Peter Eisentraut <peter@eisentraut.org>)
Responses	Re: dblink: Add SCRAM pass-through authentication
List	pgsql-hackers

Tree view

On Thu, Mar 6, 2025 at 12:33 PM Peter Eisentraut <peter@eisentraut.org> wrote:
> AFAICT, in pgfdw_security_check(), if SCRAM has been used for the
> outgoing server connection, then PQconnectionUsedPassword() is true, and
> then this check should fail if no "password" parameter was given.  That
> check should be expanded to allow alternatively passing the SCRAM key
> component parameters.

pgfdw_security_check() is currently not called if SCRAM passthrough is
in use, though:

>        /*
>         * Perform post-connection security checks only if scram pass-through
>         * is not being used because the password is not necessary.
>         */
>        if (!(MyProcPort->has_scram_keys && UseScramPassthrough(server, user)))
>            pgfdw_security_check(keywords, values, user, conn);

--Jacob

pgsql-hackers by date:

From: Melanie Plageman
Date: 07 March, 00:54:34
Subject: Re: what's going on with lapwing?

From: Robert Haas
Date: 07 March, 00:59:16
Subject: Re: what's going on with lapwing?

Re: dblink: Add SCRAM pass-through authentication - Mailing list pgsql-hackers

Previous

Next