On Thu, Mar 6, 2025 at 12:33 PM Peter Eisentraut <pe...@eisentraut.org> wrote: > AFAICT, in pgfdw_security_check(), if SCRAM has been used for the > outgoing server connection, then PQconnectionUsedPassword() is true, and > then this check should fail if no "password" parameter was given. That > check should be expanded to allow alternatively passing the SCRAM key > component parameters.
pgfdw_security_check() is currently not called if SCRAM passthrough is in use, though: > /* > * Perform post-connection security checks only if scram pass-through > * is not being used because the password is not necessary. > */ > if (!(MyProcPort->has_scram_keys && UseScramPassthrough(server, user))) > pgfdw_security_check(keywords, values, user, conn); --Jacob
