Jean-Marc,
* Jean-Marc Lessard (jean-marc.less...@ultra-ft.com) wrote:
> Stephen Frost [sfr...@snowman.net] wrote:
> > The database owner operating system user has to be trusted, along with any
> > superusers in the database, but if you assume those, then having PG manage
> > the different
Stephen Frost [sfr...@snowman.net] wrote:
> The database owner operating system user has to be trusted, along with any
> superusers in the database, but if you assume those, then having PG manage
> the different Kerberos cache files
> (one for each backend which has authenticated via Kerberos
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Jean-Marc Lessard writes:
> > A nice way to meet security requirements would be to provide single sign on
> > support for the postgres_fdw.
> > As long as you have defined a user in the source and destination databases,
>
Jean-Marc Lessard writes:
> A nice way to meet security requirements would be to provide single sign on
> support for the postgres_fdw.
> As long as you have defined a user in the source and destination databases,
> and configure the Kerberos authentication you
postgres_fdw is a great feature, but several organizations disallow to hold any
kind of passwords as plain text.
Providing the superuser role is not either an option.
A nice way to meet security requirements would be to provide single sign on
support for the postgres_fdw.
As long as you have