Remove support for Kerberos V4. It seems no one is using this, it has

some security issues, and upstream has declared it "dead". Patch from
Magnus Hagander, minor editorialization from Neil Conway.

4 files changed, 11 insertions, 86 deletions

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 83611d25ffb..d2585e3a94f 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.81 2005/06/21 04:02:29 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.82 2005/06/27 02:04:23 neilc Exp $
 -->
 
 <chapter id="client-authentication">
@@ -327,17 +327,6 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
        </varlistentry>
 
        <varlistentry>
-        <term><literal>krb4</></term>
-        <listitem>
-         <para>
-          Use Kerberos V4 to authenticate the user. This is only
-          available for TCP/IP connections.  See <xref
-          linkend="kerberos-auth"> for details.
-         </para>
-        </listitem>
-       </varlistentry>
-
-       <varlistentry>
         <term><literal>krb5</></term>
         <listitem>
          <para>
@@ -623,11 +612,8 @@ local   db1,db2,@demodbs  all                         md5
    </para>
 
    <para>
-    While <productname>PostgreSQL</> supports both Kerberos 4 and 
-    Kerberos 5, only Kerberos 5 is recommended.  Kerberos 4 is
-    considered insecure and no longer recommended for general
-    use. Only one version of Kerberos can be supported in any one
-		build, and support must be enabled at build time. See
+    <productname>PostgreSQL</> supports Kerberos version 5, and it has
+	to be enabled at build time. See
 		<xref linkend="installation"> for more information.
    </para>
 
@@ -669,11 +655,9 @@ local   db1,db2,@demodbs  all                         md5
     account.  (See also <xref linkend="postgres-user">.) The location
     of the key file is specified by the <xref
     linkend="guc-krb-server-keyfile"> configuration
-    parameter. The default
-    is <filename>/etc/srvtab</> if you are using Kerberos 4 and
+    parameter. The default is
     <filename>/usr/local/pgsql/etc/krb5.keytab</> (or whichever
-    directory was specified as <varname>sysconfdir</> at build time)
-    with Kerberos 5.
+    directory was specified as <varname>sysconfdir</> at build time).
    </para>
 
    <para>
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index 547dd6436de..2f240a917b9 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.237 2005/06/21 20:45:43 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.238 2005/06/27 02:04:23 neilc Exp $ -->
 
 <chapter id="installation">
  <title><![%standalone-include[<productname>PostgreSQL</>]]>
@@ -787,12 +787,10 @@ su - postgres
       </varlistentry>
 
       <varlistentry>
-       <term><option>--with-krb4</option></term>
        <term><option>--with-krb5</option></term>
        <listitem>
         <para>
-         Build with support for Kerberos authentication. You can use
-         either Kerberos version 4 or 5, but not both.  On many
+         Build with support for Kerberos 5 authentication. On many
          systems, the Kerberos system is not installed in a location
          that is searched by default (e.g., <filename>/usr/include</>,
          <filename>/usr/lib</>), so you must use the options
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index a5bde7fc76e..74219f368b6 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.187 2005/06/26 19:16:04 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.188 2005/06/27 02:04:24 neilc Exp $
 -->
 
  <chapter id="libpq">
@@ -283,7 +283,7 @@ PGconn *PQconnectdb(const char *conninfo);
      <term><literal>krbsrvname</literal></term>
      <listitem>
       <para>
-       Kerberos service name to use when authenticating with Kerberos 4 or 5.
+       Kerberos service name to use when authenticating with Kerberos 5.
        This must match the service name specified in the server
        configuration for Kerberos authentication to succeed. (See also
        <xref linkend="kerberos-auth">.)
@@ -3813,7 +3813,7 @@ setting, and is only available if
  <primary><envar>PGKRBSRVNAME</envar></primary>
 </indexterm>
 <envar>PGKRBSRVNAME</envar> sets the Kerberos service name to use when
-authenticating with Kerberos 4 or 5.
+authenticating with Kerberos 5.
 </para>
 </listitem>
 <listitem>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 7ebcfc63a34..9663c7c08c6 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.60 2005/06/26 19:16:04 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.61 2005/06/27 02:04:24 neilc Exp $ -->
 
 <chapter id="protocol">
  <title>Frontend/Backend Protocol</title>
@@ -265,19 +265,6 @@
      </varlistentry>
 
      <varlistentry>
-      <term>AuthenticationKerberosV4</term>
-      <listitem>
-       <para>
-        The frontend must now take part in a Kerberos V4
-        authentication dialog (not described here, part of the
-        Kerberos specification) with the server.  If this is
-        successful, the server responds with an AuthenticationOk,
-        otherwise it responds with an ErrorResponse.
-       </para>
-      </listitem>
-     </varlistentry>
-
-     <varlistentry>
       <term>AuthenticationKerberosV5</term>
       <listitem>
        <para>
@@ -1413,50 +1400,6 @@ AuthenticationOk (B)
 
 <varlistentry>
 <term>
-AuthenticationKerberosV4 (B)
-</term>
-<listitem>
-<para>
-
-<variablelist>
-<varlistentry>
-<term>
-        Byte1('R')
-</term>
-<listitem>
-<para>
-                Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(8)
-</term>
-<listitem>
-<para>
-                Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(1)
-</term>
-<listitem>
-<para>
-                Specifies that Kerberos V4 authentication is required.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-</para>
-</listitem>
-</varlistentry>
-
-
-<varlistentry>
-<term>
 AuthenticationKerberosV5 (B)
 </term>
 <listitem>