FDW Permissions error using MD5 encrypted password

Question

When creating Foreign Data Wrappers in Postgres 9.6, if I use the following:

CREATE SERVER foreign_server
FOREIGN DATA WRAPPER postgres_fdw
OPTIONS (host 'localhost', dbname 'database', port '5432');

-- permissions
ALTER SERVER foreign_server OWNER TO data_owner;

-- Allow a user to access the foreign server if required
GRANT USAGE ON FOREIGN SERVER foreign_server to data_owner;

-- 4. Create foreign user mapping - using md5 encrypted password 
CREATE USER MAPPING FOR data_owner SERVER foreign_server 
OPTIONS ( USER 'jeff', PASSWORD 'md5de0366066f8d96ac5bb4872b1d77b0cb!');

-- 5. Create foreign table
IMPORT FOREIGN SCHEMA foo EXCEPT
(bar )
FROM SERVER foreign_server INTO foreign_tables_schema;

Why do I get an error, when I had the password as plain text everything is fine, but when I use the encrypted md5 password I cannot import the foreign tables.

Any thoughts?

Answer 1

Can you show us where you got the idea that this should work?

There is no provision for supplying passwords as md5 hashes to postgres_fdw. Maybe there ought to be, but someone will have to implement it for it to exist.

Answer 2

You seem to have an extra ! at the end of your md5 password. You should remove it, as it can not be part of the password. How did you compute the password? Did you remember to concatenate the username and password before applying the MD5 hashing algorithm?

The whole password string should be 'md5' + 32 hexadecimal characters.

UPDATE

I think @jjanes is more right: since the server will need the password to connect to the remote instance it must have it in clear (could work in a reversible encryption scheme, but certainly not MD5) to be able to use it and present it to the remote database. So no MD5 hashed password there. The only thing that I found out related was: http://www.postgresql-archive.org/BUG-8291-postgres-fdw-does-not-re-read-USER-MAPING-after-change-td5763260.html