Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u2Fdt-00FIr1-W7 for pgsql-general@arkaria.postgresql.org; Tue, 08 Apr 2025 20:33:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u2Fds-00FCDl-8V for pgsql-general@arkaria.postgresql.org; Tue, 08 Apr 2025 20:33:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u2Fdr-00FCDX-7Z for pgsql-general@lists.postgresql.org; Tue, 08 Apr 2025 20:33:56 +0000 Received: from fhigh-a8-smtp.messagingengine.com ([103.168.172.159]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1u2Fdp-003kDT-0m for pgsql-general@lists.postgresql.org; Tue, 08 Apr 2025 20:33:54 +0000 Received: from phl-compute-04.internal (phl-compute-04.phl.internal [10.202.2.44]) by mailfhigh.phl.internal (Postfix) with ESMTP id 18EAA11400FA; Tue, 8 Apr 2025 16:33:52 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-04.internal (MEProxy); Tue, 08 Apr 2025 16:33:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1744144432; x=1744230832; bh=0D06XzTiDgnByX9VeIGyrQAfvSYzsmBRTyEB22/ncTU=; b= L5bb+Dk6yAtmPbc0ZEh+LFGA0YfA6ZapYMwN013+ZPoWHUcSRXh9lTfzqxAg+0Ql Z1sBPIpSLUlYAFdNF66wZL7YgOCrM6vyiZeMUvXP9W2TJ/VmpAwzKrMo+oBPjder sik9YCTfTsVE0UBg08+x9gCHvi4nu23TMdTXfFEV9Fh97A9UFq28HK8ecNlcKS7j kFjZPog8e+cKg0CDczCZA+BVq5FLs3MJcdIIl+7HSbehP7kJPdvM8l6kkuf81lPy 0XV+A5gOOQRFzeV+MurwJe7SlyjxmmOcppeIxz5wuDJ0/nXhfQB+q/vWfz8RIgQp e7CYeb7zV6Ba6YevTHolkQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1744144432; x=1744230832; bh=0 D06XzTiDgnByX9VeIGyrQAfvSYzsmBRTyEB22/ncTU=; b=oxcjZ0NvQTiU4dUXr xFtggy7BF5Ea2Ufgp4uaFjndqOI7pb2VzqkGrgsaVyKyaSouxibBPAq7j+3iln4g KHC1MGCO5cI8MzkIF2YJq1GaRjXHp8r0wXP+V7OPYSuD0RA7zNngeqHPt0naKRTV 8ngFMuTWXq+0oXDmzvBPX6GYGiQ/OA4rPlKuGVvHM9suViLy/zGMMV43V8N6xuVR Ba1JQReJW7o7+mJaw3rT9kvm3uNpraXr7ffVyHrduwoGaJzOH8iO/J40KMLL0BsU g+hO9vLxBRrdhAt/LtCVkMKOjs5PXHex1iSpCPNg3Cc9WVif6w1MkrbPpmlxvOsV ZIpig== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvtdegtdeiucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpih gvnhhtshculddquddttddmnecujfgurhepkfffgggfuffvfhfhjggtgfesthejredttddv jeenucfhrhhomheptegurhhirghnucfmlhgrvhgvrhcuoegrughrihgrnhdrkhhlrghvvg hrsegrkhhlrghvvghrrdgtohhmqeenucggtffrrghtthgvrhhnpeeuffelkeegveevveek gefgudetheejgfejhfdvfefgieevffeujeetvdekteeuleenucffohhmrghinhepphhosh htghhrvghsqhhlrdhorhhgpdhthhhomhhsohhnrhgvuhhtvghrshdrtghomhenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrughrihgrnhdrkh hlrghvvghrsegrkhhlrghvvghrrdgtohhmpdhnsggprhgtphhtthhopedvpdhmohguvgep shhmthhpohhuthdprhgtphhtthhopehsthgvvhgvrdguihhrshgthhgvlhesthhhohhmsh honhhrvghuthgvrhhsrdgtohhmpdhrtghpthhtohepphhgshhqlhdqghgvnhgvrhgrlhes lhhishhtshdrphhoshhtghhrvghsqhhlrdhorhhg X-ME-Proxy: Feedback-ID: i76984098:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 8 Apr 2025 16:33:51 -0400 (EDT) Message-ID: <740ba459-94ef-475a-912f-8b1e77e36dd8@aklaver.com> Date: Tue, 8 Apr 2025 13:33:50 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Postgres_fdw- User Mapping with md5-hashed password To: "Dirschel, Steve" , "pgsql-general@lists.postgresql.org" References: <2992983d-b237-4cc0-91d7-e3bc8de25006@joeconway.com> Content-Language: en-US From: Adrian Klaver In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 4/8/25 13:00, Dirschel, Steve wrote: > I know I can create user steve_test with password testpassword122 as md5 by doing: > > select 'md5'||md5('testpassword122steve_test'); Returns --> md5eb7e220574bf85096ee99370ad67cbd3 > > CREATE USER steve_test WITH PASSWORD 'md5eb7e220574bf85096ee99370ad67cbd3'; > > And then I can login as steve_test with password testpassword122. > > I'm trying to use similar logic when creating a user mapping: > > CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'md5eb7e220574bf85096ee99370ad67cbd3'); > > When I try and import a foreign schema I get an error: > > ERROR: could not connect to server "steve_snap0" > > If I create the user mapping with the password: > > CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'testpassword122'); > > It works fine. > > Is it not possible to use the same logic for the user mapping password that can be used when creating a user? A) Short version No you can't. b) Long version From here: CREATE ROLE https://www.postgresql.org/docs/current/sql-createrole.html "If the presented password string is already in MD5-encrypted or SCRAM-encrypted format, then it is stored as-is regardless of password_encryption (since the system cannot decrypt the specified encrypted password string, to encrypt it in a different format). This allows reloading of encrypted passwords during dump/restore." Whereas from here: https://www.postgresql.org/docs/current/postgres-fdw.html " user mapping, defined with CREATE USER MAPPING, is needed as well to identify the role that will be used on the remote server: CREATE USER MAPPING FOR local_user SERVER foreign_server OPTIONS (user 'foreign_user', password 'password'); " In the above you are just supplying values to the connection string not actually creating a password as in the first case. > > Thanks in advance. > This e-mail is for the sole use of the intended recipient and contains information that may be privileged and/or confidential. If you are not an intended recipient, please notify the sender by return e-mail and delete this e-mail and any attachments. Certain required legal entity disclosures can be accessed on our website: https://www.thomsonreuters.com/en/resources/disclosures.html -- Adrian Klaver adrian.klaver@aklaver.com