From f7431bca8b0138bdbce7025871560d39119565a0 Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Thu, 13 Apr 2023 08:55:13 -0400 Subject: Explicitly require MIT Kerberos for GSSAPI WHen building with GSSAPI support, explicitly require MIT Kerberos and check for gssapi_ext.h in configure.ac and meson.build. Also add documentation explicitly stating that we now require MIT Kerberos when building with GSSAPI support. Reveiwed by: Johnathan Katz Discussion: https://postgr.es/m/abcc73d0-acf7-6896-e0dc-f5bc12a61bb1@postgresql.org --- src/backend/libpq/be-secure-gssapi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/backend/libpq/be-secure-gssapi.c') diff --git a/src/backend/libpq/be-secure-gssapi.c b/src/backend/libpq/be-secure-gssapi.c index 73f8ce85549..6212f225fda 100644 --- a/src/backend/libpq/be-secure-gssapi.c +++ b/src/backend/libpq/be-secure-gssapi.c @@ -526,8 +526,9 @@ secure_open_gssapi(Port *port) PqGSSRecvLength = PqGSSResultLength = PqGSSResultNext = 0; /* - * Use the configured keytab, if there is one. Unfortunately, Heimdal - * doesn't support the cred store extensions, so use the env var. + * Use the configured keytab, if there is one. As we now require MIT + * Kerberos, we might consider using the credential store extensions in the + * future instead of the environment variable. */ if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0') { -- cgit v1.2.3