Search Postgresql Archives

Re: Postgres_fdw- User Mapping with md5-hashed password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 4/8/25 13:00, Dirschel, Steve wrote:

I know I can create user steve_test with password testpassword122 as md5 by doing:

select 'md5'||md5('testpassword122steve_test');  Returns --> md5eb7e220574bf85096ee99370ad67cbd3

CREATE USER steve_test WITH  PASSWORD 'md5eb7e220574bf85096ee99370ad67cbd3';

And then I can login as steve_test with password testpassword122.

I'm trying to use similar logic when creating a user mapping:

CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'md5eb7e220574bf85096ee99370ad67cbd3');

When I try and import a foreign schema I get an error:

ERROR:  could not connect to server "steve_snap0"

If I create the user mapping with the password:

CREATE USER MAPPING FOR postgres SERVER steve_snap0 OPTIONS (user 'steve_test', password 'testpassword122');

It works fine.

Is it not possible to use the same logic for the user mapping password that can be used when creating a user?


A) Short version

   No you can't.

b) Long version

From here:

CREATE ROLE

https://www.postgresql.org/docs/current/sql-createrole.html
"If the presented password string is already in MD5-encrypted or SCRAM-encrypted format, then it is stored as-is regardless of password_encryption (since the system cannot decrypt the specified encrypted password string, to encrypt it in a different format). This allows reloading of encrypted passwords during dump/restore." 

Whereas from here:

https://www.postgresql.org/docs/current/postgres-fdw.html
" user mapping, defined with CREATE USER MAPPING, is needed as well to identify the role that will be used on the remote server: 

CREATE USER MAPPING FOR local_user
        SERVER foreign_server
        OPTIONS (user 'foreign_user', password 'password');
"
In the above you are just supplying values to the connection string not actually creating a password as in the first case. 





Thanks in advance.
This e-mail is for the sole use of the intended recipient and contains information that may be privileged and/or confidential. If you are not an intended recipient, please notify the sender by return e-mail and delete this e-mail and any attachments. Certain required legal entity disclosures can be accessed on our website: https://www.thomsonreuters.com/en/resources/disclosures.html


--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux