On Fri Aug 8, 2025 at 3:31 PM -03, Peter Eisentraut wrote:
>> I've also made some tests by using the use_scram_passthrough option on
>> foreign server and if a bgworker try to use a foreign table that has
>> this option associated with the foreign server the connection will fail
>> because we don't have the MyProcPort and the password. To make it work
>> the password is required on USER MAPPING options. I think that this
>> limitation should be documented, see patch attached.
>
> The fact that SCRAM pass-through doesn't work in a background worker is
> arguably implied by the existing paragraph that says that you need to
> use SCRAM on the client side. But I think there is opportunity to
> clarify that further. The documentation currently doesn't say what
> happens if the client doesn't use SCRAM. The code then just ignores the
> use_scram_passthrough setting, and your documentation proposal also
> suggests that it would fall back to the password provided in the user
> mapping. But this could be documented more explicitly, I think.
>
I agree, thanks for the comments! What do you think about the following?
+ <para>
+ If the incoming connection to the FDW instance does not use SCRAM,
+ <literal>use_scram_passthrough</literal> is ignored and authentication
+ will instead use the password from the user mapping, if one is provided.
+ </para>
--
Matheus Alcantara
