Re: Kerberos delegation support in libpq and postgres_fdw
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Jacob Champion <jchampion@timescale.com>
Cc: Stephen Frost <sfrost@snowman.net>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>, Magnus Hagander <magnus@hagander.net>, Peter Eisentraut <peter.eisentraut@enterprisedb.com>, Tom Lane <tgl@sss.pgh.pa.us>, Robert Haas <robertmhaas@gmail.com>
Date: 2022-10-12T05:32:31Z
Lists: pgsql-hackers
On Mon, Sep 19, 2022 at 02:05:39PM -0700, Jacob Champion wrote: > It's not prevented, because a password is being used. In my tests I'm > connecting as an unprivileged user. > > You're claiming that the middlebox shouldn't be doing this. If this new > default behavior were the historical behavior, then I would have agreed. > But the cat's already out of the bag on that, right? It's safe today. > And if it's not safe today for some other reason, please share why, and > maybe I can work on a patch to try to prevent people from doing it. Please note that this has been marked as returned with feedback in the current CF, as this has remained unanswered for a bit more than three weeks. -- Michael
Commits
-
Add support for Kerberos credential delegation
- 3d4fa227bce4 16.0 landed