Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tIyQo-000DKO-E8 for pgsql-hackers@arkaria.postgresql.org; Wed, 04 Dec 2024 23:05:18 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tIyQl-00348z-F5 for pgsql-hackers@arkaria.postgresql.org; Wed, 04 Dec 2024 23:05:16 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tIyQl-00348q-3q for pgsql-hackers@lists.postgresql.org; Wed, 04 Dec 2024 23:05:16 +0000 Received: from mail-lf1-x136.google.com ([2a00:1450:4864:20::136]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tIyQj-00157u-IY for pgsql-hackers@lists.postgresql.org; Wed, 04 Dec 2024 23:05:14 +0000 Received: by mail-lf1-x136.google.com with SMTP id 2adb3069b0e04-53df67d6659so306283e87.3 for ; Wed, 04 Dec 2024 15:05:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jeltef.nl; s=google; t=1733353512; x=1733958312; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=u9ezXPIK5YakfWYF2VZE8GOR3KADJmXtIf23KuNSksM=; b=hWtjey96j1aBdg20f/pecVe+fEjVM7w2N2mm6fkVvc53Dk2IUda8k+AO4rmE1eWk3y uTKonTd8b7dKisTEiomFFaufNkPN26Xe+sMcP6MUXH+KHMP213T6Mq7o/LLeV02U/bk5 K1b21S+xViqSzv7Gia5sQ36jIoyFrjjtwpzOthpRekqGqU6Lsk0QenlLp8RVnG2nHguc 8FPGG+Us4nDVirRQwPztyH494k6pKTz9dDRkvRexvUeKoEEgsR0EFad2jNQaDg6qDo6E 1rIrbM8F/PUOvHgx9HvVh5Y/3KrQVz1a+SYc+IA/4cPFCZUhwaRPqunOs8g4Z7AxznJT adSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733353512; x=1733958312; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=u9ezXPIK5YakfWYF2VZE8GOR3KADJmXtIf23KuNSksM=; b=hg3nzLeYNhtZ2nCNoi55Mc+GjVd4zzwRbLcNv/7D2TIfVf8180ycMEwlbxVz1eXpvy TsGSZmEeDhQfcYlZycj2ytt3L7DQ/xlFJJSGI/+RBNDr7rvx0ONUx0k89L+mvg5u1tgZ Y0Bf4/GTsImioG/eZNJqMLNdZukicHNCPhFq4JpBP6xrnVUTftb/jgCA369KdNB5wxAD a/u7SK8JkVFChPQttxf8dHu+8XsQDmvcKuK5V9aDOLHmLBJFlMtNbvRbliBXGFgAsB6V kTkW5ZEqRUfcZSmZrH5XRrCO0TQlhXwTFlwS4jvUEm3ozh3H5TY5KnLg+OyKdEOclFJw nqNw== X-Forwarded-Encrypted: i=1; AJvYcCUlmwtN2DGEPDn8Au64AYdD3WngJ75qRsky3m4HQ+qKaiqzp+UKCW2rBxlseowuwe/7+k5ICU9gnr0xHfaN@lists.postgresql.org X-Gm-Message-State: AOJu0Ywk6uRyoAo2OHh3Z2/Xw6//Vl/OvYdSZCgcX7AFiU5LhWuw/av0 N5LtrLiajZ53eIWHaTMTlmS6Fg6Y77YSXKQ6ZE/tndlX3PaMbu/VwQug1OBs7Gr9IPw4oRoDs/9 onhPFo8wqqb55QBXwBRpE7TZZmQGrc5b7LjQ/Bg== X-Gm-Gg: ASbGncvCmnytwi3hpAU2c+bwCuPRkk9hN+zFvD2zMqaMSEgtWwhuDAaYDHi02RGDoUh pqMWnAUupE8Fc54uBZkOU+I2z6n0qbWYhG35nr9z7mo4wdJc2Cifdz6fRUf/BeA== X-Google-Smtp-Source: AGHT+IGMNpzgUbDgMspekeRJnhpv6itBdtM13KXyJ8DAkbRFTwCAoIsUF6alFND0L4wYJ8Iow78FolMXaA8IiZ6ROv8= X-Received: by 2002:a05:6512:3d89:b0:53d:ed19:d25a with SMTP id 2adb3069b0e04-53e12a06d4dmr7227095e87.32.1733353511912; Wed, 04 Dec 2024 15:05:11 -0800 (PST) MIME-Version: 1.0 References: <27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com> In-Reply-To: From: Jelte Fennema-Nio Date: Thu, 5 Dec 2024 00:05:00 +0100 Message-ID: Subject: Re: SCRAM pass-through authentication for postgres_fdw To: Jacob Champion Cc: Matheus Alcantara , PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, 4 Dec 2024 at 23:11, Jacob Champion wrote: > It makes me a little uneasy to give users a reason to copy identical > salts/verifiers around... But for e.g. a loopback connection, it seems > like there'd be no additional risk. Is that the target use case? I don't think that necessarily has to be the usecase, clustering/sharding setups could benefit from this too. PgBouncer supports the same functionality[1]. I only see advantages over the alternative, which is copying the plaintext password around. In case of compromise of the server, only the salt+verifier has to be rotated, not the actual user password. Regarding the actual patch: This definitely needs a bunch of documentation explaining how to use this and when not to use this.