SCRAM pass-through authentication for postgres_fdw

Matheus Alcantara <matheusssilv97@gmail.com>

From: Matheus Alcantara <matheusssilv97@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-12-04T18:44:51Z
Lists: pgsql-hackers

Attachments

Hi,

The attached a patch enables SCRAM authentication for postgres_fdw 
connections without requiring plain-text password on user mapping 
properties.

This is achieved by storing the SCRAM ClientKey and ServerKey obtained 
during client authentication with the backend. These keys are then 
used to complete the SCRAM exchange between the backend and the fdw 
server, eliminating the need to derive them from a stored plain-text 
password.

I think that some documentation updates may be necessary for this 
change. If so, I plan to submit an updated patch with the relevant 
documentation changes in the coming days.

This patch is based on a previous WIP patch from Peter Eisentraut [1]

[1] 
https://github.com/petere/postgresql/commit/90009ccd736e99d65c59b9078d14d76fffc2426a

-- 
Matheus Alcantara
EDB: https://www.enterprisedb.com

Commits

  1. postgres_fdw and dblink should check if backend has MyProcPort

  2. postgres_fdw: SCRAM authentication pass-through