SCRAM pass-through authentication for postgres_fdw
Matheus Alcantara <matheusssilv97@gmail.com>
From: Matheus Alcantara <matheusssilv97@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2024-12-04T18:44:51Z
Lists: pgsql-hackers
Attachments
- v1-0001-postgres_fdw-SCRAM-authentication-pass-through.patch (text/plain) patch v1-0001
Hi, The attached a patch enables SCRAM authentication for postgres_fdw connections without requiring plain-text password on user mapping properties. This is achieved by storing the SCRAM ClientKey and ServerKey obtained during client authentication with the backend. These keys are then used to complete the SCRAM exchange between the backend and the fdw server, eliminating the need to derive them from a stored plain-text password. I think that some documentation updates may be necessary for this change. If so, I plan to submit an updated patch with the relevant documentation changes in the coming days. This patch is based on a previous WIP patch from Peter Eisentraut [1] [1] https://github.com/petere/postgresql/commit/90009ccd736e99d65c59b9078d14d76fffc2426a -- Matheus Alcantara EDB: https://www.enterprisedb.com
Commits
-
postgres_fdw and dblink should check if backend has MyProcPort
- 762fed90bfee 18.0 landed
- 138750dde4a8 19 (unreleased) landed
-
postgres_fdw: SCRAM authentication pass-through
- 761c79508e7f 18.0 landed