13 files changed, 33 insertions, 293 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index a50227068ba..6ca9212c882 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.125 2005/06/14 17:43:13 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.126 2005/06/27 02:04:24 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -69,83 +69,6 @@ static Port *pam_port_cludge;	/* Workaround for passing "Port *port"
 								 * into pam_passwd_conv_proc */
 #endif   /* USE_PAM */
 
-#ifdef KRB4
-/*----------------------------------------------------------------
- * MIT Kerberos authentication system - protocol version 4
- *----------------------------------------------------------------
- */
-
-#include "krb.h"
-
-/*
- * pg_krb4_recvauth -- server routine to receive authentication information
- *					   from the client
- *
- * Nothing unusual here, except that we compare the username obtained from
- * the client's setup packet to the authenticated name.  (We have to retain
- * the name in the setup packet since we have to retain the ability to handle
- * unauthenticated connections.)
- */
-static int
-pg_krb4_recvauth(Port *port)
-{
-	long		krbopts = 0;	/* one-way authentication */
-	KTEXT_ST	clttkt;
-	char		instance[INST_SZ + 1],
-				version[KRB_SENDAUTH_VLEN + 1];
-	AUTH_DAT	auth_data;
-	Key_schedule key_sched;
-	int			status;
-
-	strcpy(instance, "*");		/* don't care, but arg gets expanded
-								 * anyway */
-	status = krb_recvauth(krbopts,
-						  port->sock,
-						  &clttkt,
-						  pg_krb_srvnam,
-						  instance,
-						  &port->raddr.in,
-						  &port->laddr.in,
-						  &auth_data,
-						  pg_krb_server_keyfile,
-						  key_sched,
-						  version);
-	if (status != KSUCCESS)
-	{
-		ereport(LOG,
-				(errmsg("Kerberos error: %s", krb_err_txt[status])));
-		return STATUS_ERROR;
-	}
-	if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN) != 0)
-	{
-		ereport(LOG,
-				(errmsg("unexpected Kerberos protocol version received from client (received \"%s\", expected \"%s\")",
-						version, PG_KRB4_VERSION)));
-		return STATUS_ERROR;
-	}
-	if (strncmp(port->user_name, auth_data.pname, SM_DATABASE_USER) != 0)
-	{
-		ereport(LOG,
-				(errmsg("unexpected Kerberos user name received from client (received \"%s\", expected \"%s\")",
-						port->user_name, auth_data.pname)));
-		return STATUS_ERROR;
-	}
-	return STATUS_OK;
-}
-
-#else
-
-static int
-pg_krb4_recvauth(Port *port)
-{
-	ereport(LOG,
-			(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-			 errmsg("Kerberos 4 not implemented on this server")));
-	return STATUS_ERROR;
-}
-#endif   /* KRB4 */
-
-
 #ifdef KRB5
 /*----------------------------------------------------------------
  * MIT Kerberos authentication system - protocol version 5
@@ -252,8 +175,7 @@ pg_krb5_init(void)
  *					   from the client
  *
  * We still need to compare the username obtained from the client's setup
- * packet to the authenticated name, as described in pg_krb4_recvauth.	This
- * is a bit more problematic in v5, as described above in pg_an_to_ln.
+ * packet to the authenticated name.
  *
  * We have our own keytab file because postgres is unlikely to run as root,
  * and so cannot read the default keytab.
@@ -380,9 +302,6 @@ auth_failed(Port *port, int status)
 		case uaReject:
 			errstr = gettext_noop("authentication failed for user \"%s\": host rejected");
 			break;
-		case uaKrb4:
-			errstr = gettext_noop("Kerberos 4 authentication failed for user \"%s\"");
-			break;
 		case uaKrb5:
 			errstr = gettext_noop("Kerberos 5 authentication failed for user \"%s\"");
 			break;
@@ -461,27 +380,16 @@ ClientAuthentication(Port *port)
 				   (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 					errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
 						   hostinfo, port->user_name, port->database_name,
-				   port->ssl ? _("SSL on") : _("SSL off"))));
+						   port->ssl ? _("SSL on") : _("SSL off"))));
 #else
 				ereport(FATAL,
 				   (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 					errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
-					   hostinfo, port->user_name, port->database_name)));
+						   hostinfo, port->user_name, port->database_name)));
 #endif
 				break;
 			}
 
-		case uaKrb4:
-			/* Kerberos 4 only seems to work with AF_INET. */
-			if (port->raddr.addr.ss_family != AF_INET
-				|| port->laddr.addr.ss_family != AF_INET)
-				ereport(FATAL,
-						(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-				   errmsg("Kerberos 4 only supports IPv4 connections")));
-			sendAuthRequest(port, AUTH_REQ_KRB4);
-			status = pg_krb4_recvauth(port);
-			break;
-
 		case uaKrb5:
 			sendAuthRequest(port, AUTH_REQ_KRB5);
 			status = pg_krb5_recvauth(port);
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index bd9b84cffea..ab5d7e41674 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.141 2005/06/21 01:20:09 neilc Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.142 2005/06/27 02:04:25 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -607,8 +607,6 @@ parse_hba_auth(ListCell **line_item, UserAuth *userauth_p,
 		*userauth_p = uaIdent;
 	else if (strcmp(token, "password") == 0)
 		*userauth_p = uaPassword;
-	else if (strcmp(token, "krb4") == 0)
-		*userauth_p = uaKrb4;
 	else if (strcmp(token, "krb5") == 0)
 		*userauth_p = uaKrb5;
 	else if (strcmp(token, "reject") == 0)
@@ -694,8 +692,7 @@ parse_hba(List *line, int line_num, hbaPort *port,
 			goto hba_syntax;
 
 		/* Disallow auth methods that always need TCP/IP sockets to work */
-		if (port->auth_method == uaKrb4 ||
-			port->auth_method == uaKrb5)
+		if (port->auth_method == uaKrb5)
 			goto hba_syntax;
 
 		/* Does not match if connection isn't AF_UNIX */
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index e13c78c5225..b47ca578ae1 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -35,7 +35,7 @@
 # an IP address and netmask in separate columns to specify the set of hosts.
 #
 # METHOD can be "trust", "reject", "md5", "crypt", "password",
-# "krb4", "krb5", "ident", or "pam".  Note that "password" sends passwords
+# "krb5", "ident", or "pam".  Note that "password" sends passwords
 # in clear text; "md5" is preferred since it sends encrypted passwords.
 #
 # OPTION is the ident map or the name of the PAM service, depending on METHOD.
diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h
index 94b0976e113..9f93b7fdf85 100644
--- a/src/include/libpq/auth.h
+++ b/src/include/libpq/auth.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.28 2005/06/14 17:43:14 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.29 2005/06/27 02:04:25 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -23,8 +23,7 @@
 
 extern void ClientAuthentication(Port *port);
 
-#define PG_KRB4_VERSION "PGVER4.1"		/* at most KRB_SENDAUTH_VLEN chars */
-#define PG_KRB5_VERSION "PGVER5.1"
+#define PG_KRB5_VERSION "PGVER5.1"      /* at most KRB_SENDAUTH_VLEN chars */
 
 extern char *pg_krb_server_keyfile;
 extern char *pg_krb_srvnam;
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index 0656e6a4e82..6798a09ad98 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -4,7 +4,7 @@
  *	  Interface to hba.c
  *
  *
- * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.36 2005/02/26 18:43:34 tgl Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.37 2005/06/27 02:04:25 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -17,7 +17,6 @@
 typedef enum UserAuth
 {
 	uaReject,
-	uaKrb4,
 	uaKrb5,
 	uaTrust,
 	uaIdent,
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index 4357b25d47f..830237d0012 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.96 2004/12/31 22:03:32 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.97 2005/06/27 02:04:26 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -160,7 +160,7 @@ extern bool Db_user_namespace;
 /* These are the authentication request codes sent by the backend. */
 
 #define AUTH_REQ_OK			0	/* User is authenticated  */
-#define AUTH_REQ_KRB4		1	/* Kerberos V4 */
+#define AUTH_REQ_KRB4		1	/* Kerberos V4. Not supported any more. */
 #define AUTH_REQ_KRB5		2	/* Kerberos V5 */
 #define AUTH_REQ_PASSWORD	3	/* Password */
 #define AUTH_REQ_CRYPT		4	/* crypt password */
diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in
index da29557e927..8e4543fb62f 100644
--- a/src/include/pg_config.h.in
+++ b/src/include/pg_config.h.in
@@ -575,9 +575,6 @@
 /* Define to the appropriate snprintf format for 64-bit ints, if any. */
 #undef INT64_FORMAT
 
-/* Define to build with Kerberos 4 support. (--with-krb4) */
-#undef KRB4
-
 /* Define to build with Kerberos 5 support. (--with-krb5) */
 #undef KRB5
 
diff --git a/src/include/port.h b/src/include/port.h
index f3120932c9b..61b566d4021 100644
--- a/src/include/port.h
+++ b/src/include/port.h
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/port.h,v 1.75 2005/05/25 21:40:41 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/port.h,v 1.76 2005/06/27 02:04:25 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -267,10 +267,6 @@ extern int	getopt(int nargc, char *const * nargv, const char *ostr);
 extern int	isinf(double x);
 #endif
 
-#if !defined(HAVE_GETHOSTNAME) && defined(KRB4)
-extern int	gethostname(char *name, int namelen);
-#endif
-
 #ifndef HAVE_RINT
 extern double rint(double x);
 #endif
diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile
index 911bc975bbe..84ac0e1372b 100644
--- a/src/interfaces/libpq/Makefile
+++ b/src/interfaces/libpq/Makefile
@@ -5,7 +5,7 @@
 # Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 # Portions Copyright (c) 1994, Regents of the University of California
 #
-# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.133 2005/04/29 14:07:27 momjian Exp $
+# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.134 2005/06/27 02:04:26 neilc Exp $
 #
 #-------------------------------------------------------------------------
 
@@ -53,7 +53,7 @@ endif
 # Add libraries that libpq depends (or might depend) on into the
 # shared library link.  (The order in which you list them here doesn't
 # matter.)
-SHLIB_LINK += $(filter -lcrypt -ldes -lkrb -lcom_err -lcrypto -lk5crypto -lkrb5 -lssl -lsocket -lnsl -lresolv -lintl, $(LIBS)) $(PTHREAD_LIBS)
+SHLIB_LINK += $(filter -lcrypt -ldes -lcom_err -lcrypto -lk5crypto -lkrb5 -lssl -lsocket -lnsl -lresolv -lintl, $(LIBS)) $(PTHREAD_LIBS)
 ifeq ($(PORTNAME), win32)
 SHLIB_LINK += -lshfolder -lwsock32 -lws2_32 $(filter -leay32 -lssleay32 -lcomerr32 -lkrb5_32, $(LIBS))
 endif
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 6624df1ad0a..d9865f2a5f9 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.101 2005/06/04 20:42:43 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.102 2005/06/27 02:04:26 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -64,7 +64,7 @@
  */
 
 #define STARTUP_MSG		7		/* Initialise a connection */
-#define STARTUP_KRB4_MSG	10	/* krb4 session follows */
+#define STARTUP_KRB4_MSG	10	/* krb4 session follows. Not supported any more. */
 #define STARTUP_KRB5_MSG	11	/* krb5 session follows */
 #define STARTUP_PASSWORD_MSG	14		/* Password follows */
 
@@ -87,157 +87,22 @@ struct authsvc
  * isn't any authentication system.
  */
 static const struct authsvc authsvcs[] = {
-#ifdef KRB4
-	{"krb4", STARTUP_KRB4_MSG, 1},
-	{"kerberos", STARTUP_KRB4_MSG, 1},
-#endif   /* KRB4 */
 #ifdef KRB5
 	{"krb5", STARTUP_KRB5_MSG, 1},
 	{"kerberos", STARTUP_KRB5_MSG, 1},
 #endif   /* KRB5 */
 	{UNAUTHNAME, STARTUP_MSG,
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 		0
-#else							/* !(KRB4 || KRB5) */
+#else							/* !KRB5 */
 		1
-#endif   /* !(KRB4 || KRB5) */
+#endif   /* !KRB5 */
 	},
 	{"password", STARTUP_PASSWORD_MSG, 0}
 };
 
 static const int n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc);
 
-#ifdef KRB4
-/*
- * MIT Kerberos authentication system - protocol version 4
- */
-
-#include "krb.h"
-
-/* for some reason, this is not defined in krb.h ... */
-extern char *tkt_string(void);
-
-/*
- * pg_krb4_init -- initialization performed before any Kerberos calls are made
- *
- * For v4, all we need to do is make sure the library routines get the right
- * ticket file if we want them to see a special one.  (They will open the file
- * themselves.)
- */
-static void
-pg_krb4_init()
-{
-	char	   *realm;
-	static int	init_done = 0;
-
-	if (init_done)
-		return;
-	init_done = 1;
-
-	/*
-	 * If the user set PGREALM, then we use a ticket file with a special
-	 * name: <usual-ticket-file-name>@<PGREALM-value>
-	 */
-	if ((realm = getenv("PGREALM")))
-	{
-		char		tktbuf[MAXPGPATH];
-
-		(void) snprintf(tktbuf, sizeof(tktbuf), "%s@%s", tkt_string(), realm);
-		krb_set_tkt_string(tktbuf);
-	}
-}
-
-/*
- * pg_krb4_authname -- returns a pointer to static space containing whatever
- *					   name the user has authenticated to the system
- *
- * We obtain this information by digging around in the ticket file.
- */
-static char *
-pg_krb4_authname(char *PQerrormsg)
-{
-	char		instance[INST_SZ + 1];
-	char		realm[REALM_SZ + 1];
-	int			status;
-	static char name[SNAME_SZ + 1] = "";
-
-	if (name[0])
-		return name;
-
-	pg_krb4_init();
-
-	name[SNAME_SZ] = '\0';
-	status = krb_get_tf_fullname(tkt_string(), name, instance, realm);
-	if (status != KSUCCESS)
-	{
-		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-				 "pg_krb4_authname: krb_get_tf_fullname: %s\n",
-				 krb_err_txt[status]);
-		return NULL;
-	}
-	return name;
-}
-
-/*
- * pg_krb4_sendauth -- client routine to send authentication information to
- *					   the server
- *
- * This routine does not do mutual authentication, nor does it return enough
- * information to do encrypted connections.  But then, if we want to do
- * encrypted connections, we'll have to redesign the whole RPC mechanism
- * anyway.
- *
- * If the user is too lazy to feed us a hostname, we try to come up with
- * something other than "localhost" since the hostname is used as an
- * instance and instance names in v4 databases are usually actual hostnames
- * (canonicalized to omit all domain suffixes).
- */
-static int
-pg_krb4_sendauth(char *PQerrormsg, int sock,
-				 struct sockaddr_in * laddr,
-				 struct sockaddr_in * raddr,
-				 const char *hostname, 
-				 const char *servicename)
-{
-	long		krbopts = 0;	/* one-way authentication */
-	KTEXT_ST	clttkt;
-	int			status;
-	char		hostbuf[MAXHOSTNAMELEN];
-	const char *realm = getenv("PGREALM");		/* NULL == current realm */
-
-	if (!hostname || !(*hostname))
-	{
-		if (gethostname(hostbuf, MAXHOSTNAMELEN) < 0)
-			strcpy(hostbuf, "localhost");
-		hostname = hostbuf;
-	}
-
-	pg_krb4_init();
-
-	status = krb_sendauth(krbopts,
-						  sock,
-						  &clttkt,
-						  servicename,
-						  hostname,
-						  realm,
-						  (u_long) 0,
-						  NULL,
-						  NULL,
-						  NULL,
-						  laddr,
-						  raddr,
-						  PG_KRB4_VERSION);
-	if (status != KSUCCESS)
-	{
-		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-				 libpq_gettext("Kerberos 4 error: %s\n"),
-				 krb_err_txt[status]);
-		return STATUS_ERROR;
-	}
-	return STATUS_OK;
-}
-#endif   /* KRB4 */
-
 #ifdef KRB5
 /*
  * MIT Kerberos authentication system - protocol version 5
@@ -597,7 +462,7 @@ int
 fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 			const char *password, char *PQerrormsg)
 {
-#if !defined(KRB4) && !defined(KRB5)
+#ifndef KRB5
 	(void) hostname;			/* not used */
 #endif
 
@@ -607,24 +472,9 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 			break;
 
 		case AUTH_REQ_KRB4:
-#ifdef KRB4
-			pglock_thread();
-			if (pg_krb4_sendauth(PQerrormsg, conn->sock,
-							   (struct sockaddr_in *) & conn->laddr.addr,
-							   (struct sockaddr_in *) & conn->raddr.addr,
-								 hostname, conn->krbsrvname) != STATUS_OK)
-			{
-				/* PQerrormsg already filled in */
-				pgunlock_thread();
-				return STATUS_ERROR;
-			}
-			pgunlock_thread();
-			break;
-#else
 			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 			 libpq_gettext("Kerberos 4 authentication not supported\n"));
 			return STATUS_ERROR;
-#endif
 
 		case AUTH_REQ_KRB5:
 #ifdef KRB5
@@ -754,17 +604,12 @@ fe_getauthname(char *PQerrormsg)
 
 	pglock_thread();
 
-#ifdef KRB4
-	if (authsvc == STARTUP_KRB4_MSG)
-		name = pg_krb4_authname(PQerrormsg);
-#endif
 #ifdef KRB5
 	if (authsvc == STARTUP_KRB5_MSG)
 		name = pg_krb5_authname(PQerrormsg);
 #endif
 
 	if (authsvc == STARTUP_MSG
-		|| (authsvc == STARTUP_KRB4_MSG && !name)
 		|| (authsvc == STARTUP_KRB5_MSG && !name))
 	{
 #ifdef WIN32
@@ -776,7 +621,7 @@ fe_getauthname(char *PQerrormsg)
 #endif
 	}
 
-	if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB4_MSG && authsvc != STARTUP_KRB5_MSG)
+	if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB5_MSG)
 		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 				 libpq_gettext("fe_getauthname: invalid authentication system: %d\n"),
 				 authsvc);
diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h
index f0a98a59664..024107564b0 100644
--- a/src/interfaces/libpq/fe-auth.h
+++ b/src/interfaces/libpq/fe-auth.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.h,v 1.20 2004/12/31 22:03:50 pgsql Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.h,v 1.21 2005/06/27 02:04:26 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -27,11 +27,11 @@
 #define UNAUTHNAME				"unauth"
 
 /* what a frontend uses by default */
-#if !defined(KRB4) && !defined(KRB5)
+#ifndef KRB5
 #define DEFAULT_CLIENT_AUTHSVC	UNAUTHNAME
-#else							/* KRB4 || KRB5 */
+#else
 #define DEFAULT_CLIENT_AUTHSVC	"kerberos"
-#endif   /* KRB4 || KRB5 */
+#endif   /* KRB5 */
 
 extern int fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 			const char *password, char *PQerrormsg);
@@ -39,7 +39,6 @@ extern MsgType fe_getauthsvc(char *PQerrormsg);
 extern void fe_setauthsvc(const char *name, char *PQerrormsg);
 extern char *fe_getauthname(char *PQerrormsg);
 
-#define PG_KRB4_VERSION "PGVER4.1"		/* at most KRB_SENDAUTH_VLEN chars */
-#define PG_KRB5_VERSION "PGVER5.1"
+#define PG_KRB5_VERSION "PGVER5.1"      /* at most KRB_SENDAUTH_VLEN chars */
 
 #endif   /* FE_AUTH_H */
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 3524bb93856..1ededb23e20 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.312 2005/06/19 13:10:55 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.313 2005/06/27 02:04:26 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -170,7 +170,7 @@ static const PQconninfoOption PQconninfoOptions[] = {
 	{"sslmode", "PGSSLMODE", DefaultSSLMode, NULL,
 	"SSL-Mode", "", 8},			/* sizeof("disable") == 8 */
 
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 	/* Kerberos authentication supports specifying the service name */
 	{"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL,
 	 "Kerberos-service-name", "", 20},
@@ -401,7 +401,7 @@ connectOptions1(PGconn *conn, const char *conninfo)
 		conn->sslmode = strdup("require");
 	}
 #endif
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 	tmp = conninfo_getval(connOptions, "krbsrvname");
 	conn->krbsrvname = tmp ? strdup(tmp) : NULL;
 #endif
@@ -1916,7 +1916,7 @@ freePGconn(PGconn *conn)
 		free(conn->pgpass);
 	if (conn->sslmode)
 		free(conn->sslmode);
-#if defined(KRB4) || defined(KRB5)
+#ifdef KRB5
 	if (conn->krbsrvname)
 		free(conn->krbsrvname);
 #endif
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 2274efbfb54..d9cc783237b 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -12,7 +12,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.103 2005/06/13 02:26:53 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.104 2005/06/27 02:04:26 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -262,7 +262,7 @@ struct pg_conn
 	char	   *pguser;			/* Postgres username and password, if any */
 	char	   *pgpass;
 	char	   *sslmode;		/* SSL mode (require,prefer,allow,disable) */
-#if defined(KRB5) || defined(KRB4)
+#ifdef KRB5
 	char       *krbsrvname;     /* Kerberos service name */
 #endif