diff options
| author | Peter Eisentraut <peter@eisentraut.org> | 2025-01-15 17:55:18 +0100 |
|---|---|---|
| committer | Peter Eisentraut <peter@eisentraut.org> | 2025-01-15 17:58:05 +0100 |
| commit | 761c79508e7fbc33c1b11754bdde4bd03ce9cbb3 (patch) | |
| tree | 5b76973b71b307fbdc2cd3989edee4dd44e56064 /src/interfaces/libpq/fe-auth.c | |
| parent | b6463ea6ef3e46b32be96a23f3a9f47357847ce4 (diff) | |
| download | postgresql-761c79508e7fbc33c1b11754bdde4bd03ce9cbb3.tar.gz postgresql-761c79508e7fbc33c1b11754bdde4bd03ce9cbb3.zip | |
postgres_fdw: SCRAM authentication pass-through
This enables SCRAM authentication for postgres_fdw when connecting to
a foreign server without having to store a plain-text password on user
mapping options.
This is done by saving the SCRAM ClientKey and ServeryKey from the
client authentication and using those instead of the plain-text
password for the server-side SCRAM exchange. The new foreign-server
or user-mapping option "use_scram_passthrough" enables this.
Co-authored-by: Matheus Alcantara <mths.dev@pm.me>
Co-authored-by: Peter Eisentraut <peter@eisentraut.org>
Discussion: https://www.postgresql.org/message-id/flat/27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com
Diffstat (limited to 'src/interfaces/libpq/fe-auth.c')
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 14a9a862f51..7e478489b71 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -559,7 +559,7 @@ pg_SASL_init(PGconn *conn, int payloadlen) * First, select the password to use for the exchange, complaining if * there isn't one and the selected SASL mechanism needs it. */ - if (conn->password_needed) + if (conn->password_needed && !conn->scram_client_key_binary) { password = conn->connhost[conn->whichhost].password; if (password == NULL) |