Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Frost2023-04-13 12:55:07 +0000
committerStephen Frost2023-04-13 12:55:07 +0000
commit6633cfb21691840c33816a6dacaca0b504efb895 (patch)
tree8e5b72900af671f20565be34db36689832221618 /doc/src/sgml/postgres-fdw.sgml
parente2922702a3027945f139f9b0c7b4686423304e21 (diff)
De-Revert "Add support for Kerberos credential delegation"
This reverts commit 3d03b24c3 (Revert Add support for Kerberos credential delegation) which was committed on the grounds of concern about portability, but on further review and discussion, it's clear that we are better off explicitly requiring MIT Kerberos as that appears to be the only GSSAPI library currently that's under proper maintenance and ongoing development. The API used for storing credentials was added to MIT Kerberos over a decade ago while for the other libraries which appear to be mainly based on Heimdal, which exists explicitly to be a re-implementation of MIT Kerberos, the API never made it to a released version (even though it was added to the Heimdal git repo over 5 years ago..). This post-feature-freeze change was approved by the RMT. Discussion: https://postgr.es/m/ZDDO6jaESKaBgej0%40tamriel.snowman.net
Diffstat (limited to 'doc/src/sgml/postgres-fdw.sgml')
-rw-r--r--doc/src/sgml/postgres-fdw.sgml7
1 files changed, 4 insertions, 3 deletions
diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml
index a122794df3c..b9a5b0eac81 100644
--- a/doc/src/sgml/postgres-fdw.sgml
+++ b/doc/src/sgml/postgres-fdw.sgml
@@ -169,9 +169,10 @@
<literal>sslcert</literal> or <literal>sslkey</literal> settings.
</para>
<para>
- Only superusers may connect to foreign servers without password
- authentication, so always specify the <literal>password</literal> option
- for user mappings belonging to non-superusers.
+ Non-superusers may connect to foreign servers using password
+ authentication or with GSSAPI delegated credentials, so specify the
+ <literal>password</literal> option for user mappings belonging to
+ non-superusers where password authentication is required.
</para>
<para>
A superuser may override this check on a per-user-mapping basis by setting