Re: dblink: Add SCRAM pass-through authentication

On 11.02.25 00:19, Jacob Champion wrote:
> These don't seem right to me. SCRAM passthrough should be considered
> as_part_ of the connstr/security checks, but I think it should not
> _bypass_ those checks. We have to enforce the use of the SCRAM
> credentials on the remote for safety, similarly to GSS delegation.
> (This might be a good place for `require_auth=scram-sha-256`?)
> 
> I've attached a failing test to better illustrate what I mean.
> 
> It looks like the postgres_fdw patch that landed also performs a
> bypass -- I think that may need an open item to fix? CC'd Peter.

AFAICT, in pgfdw_security_check(), if SCRAM has been used for the 
outgoing server connection, then PQconnectionUsedPassword() is true, and 
then this check should fail if no "password" parameter was given.  That 
check should be expanded to allow alternatively passing the SCRAM key 
component parameters.

But that would mean the check is too restrictive, while you are 
apparently claiming that the check is not restrictive enough?

(Also, this would appear to mean the current SCRAM pass-through code in 
postgres_fdw should mostly not work, but the tests work, so I'm confused.)