|
postgres_fdw is a great feature, but several organizations disallow to hold any kind of passwords as plain text. Providing the superuser role is not either an option. A nice way to meet security requirements would be to provide single sign on support for the postgres_fdw. As long as you have defined a user in the source and destination databases, and configure the Kerberos authentication you should be able to use postgres_fdw. I tried without success as follow: jml@dcx1-005-jml =# CREATE SERVER "dcx1-006-jml" FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host 'dcx1-006-jml', dbname 'ibis'); jml@dcx1-005-jml =# CREATE USER MAPPING FOR CURRENT_USER SERVER "dcx1-006-jml" OPTIONS (user 'jml');
jml@dcx1-005-jml =# IMPORT FOREIGN SCHEMA ibisl0 FROM SERVER "dcx1-006-jml" INTO "dcx1-006-jml"; ERROR: could not connect to server "dcx1-006-jml" DETAIL: FATAL: SSPI authentication failed for user "jml" Am I doing something wrong or postgres_fdw does not support Kerberos authentication? Is there any plan to support Kerberos authentication? Jean-Marc Lessard |
