public inbox for [email protected]
help / color / mirror / Atom feedFrom: Adrian Klaver <[email protected]>
To: Dirschel, Steve <[email protected]>
To: [email protected] <[email protected]>
Subject: Re: Postgres_fdw- User Mapping with md5-hashed password
Date: Tue, 8 Apr 2025 13:33:50 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <CH0PR03MB60345DAB1097FFE1D49737B5FAB52@CH0PR03MB6034.namprd03.prod.outlook.com>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<CH0PR03MB60345DAB1097FFE1D49737B5FAB52@CH0PR03MB6034.namprd03.prod.outlook.com>
On 4/8/25 13:00, Dirschel, Steve wrote:
> I know I can create user steve_test with password testpassword122 as md5 by doing:
>
> select 'md5'||md5('testpassword122steve_test'); Returns --> md5eb7e220574bf85096ee99370ad67cbd3
>
> CREATE USER steve_test WITH PASSWORD 'md5eb7e220574bf85096ee99370ad67cbd3';
>
> And then I can login as steve_test with password testpassword122.
>
> I'm trying to use similar logic when creating a user mapping:
>
> CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'md5eb7e220574bf85096ee99370ad67cbd3');
>
> When I try and import a foreign schema I get an error:
>
> ERROR: could not connect to server "steve_snap0"
>
> If I create the user mapping with the password:
>
> CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'testpassword122');
>
> It works fine.
>
> Is it not possible to use the same logic for the user mapping password that can be used when creating a user?
A) Short version
No you can't.
b) Long version
From here:
CREATE ROLE
https://www.postgresql.org/docs/current/sql-createrole.html
"If the presented password string is already in MD5-encrypted or
SCRAM-encrypted format, then it is stored as-is regardless of
password_encryption (since the system cannot decrypt the specified
encrypted password string, to encrypt it in a different format). This
allows reloading of encrypted passwords during dump/restore."
Whereas from here:
https://www.postgresql.org/docs/current/postgres-fdw.html
" user mapping, defined with CREATE USER MAPPING, is needed as well to
identify the role that will be used on the remote server:
CREATE USER MAPPING FOR local_user
SERVER foreign_server
OPTIONS (user 'foreign_user', password 'password');
"
In the above you are just supplying values to the connection string not
actually creating a password as in the first case.
>
> Thanks in advance.
> This e-mail is for the sole use of the intended recipient and contains information that may be privileged and/or confidential. If you are not an intended recipient, please notify the sender by return e-mail and delete this e-mail and any attachments. Certain required legal entity disclosures can be accessed on our website: https://www.thomsonreuters.com/en/resources/disclosures.html
--
Adrian Klaver
[email protected]
view thread (3+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Postgres_fdw- User Mapping with md5-hashed password
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox