diff options
| author | Magnus Hagander <magnus@hagander.net> | 2014-01-15 17:24:01 +0100 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2014-01-19 17:05:01 +0100 |
| commit | 98de86e4221a418d670db86bf28ff15e880beadc (patch) | |
| tree | aeba76356dfe639d4e9aff48875062f1defb16cc /configure.in | |
| parent | 4b8f2859ccc4fe1e9b66fbdb332b830b69a9d6cf (diff) | |
| download | postgresql-98de86e4221a418d670db86bf28ff15e880beadc.tar.gz | |
Remove support for native krb5 authentication
krb5 has been deprecated since 8.3, and the recommended way to do
Kerberos authentication is using the GSSAPI authentication method
(which is still fully supported).
libpq retains the ability to identify krb5 authentication, but only
gives an error message about it being unsupported. Since all authentication
is initiated from the backend, there is no need to keep it at all
in the backend.
Diffstat (limited to 'configure.in')
| -rw-r--r-- | configure.in | 54 |
1 files changed, 2 insertions, 52 deletions
diff --git a/configure.in b/configure.in index 63c8d425eb..3826237410 100644 --- a/configure.in +++ b/configure.in @@ -608,17 +608,6 @@ PGAC_ARG_BOOL(with, gssapi, no, [build with GSSAPI support], ]) AC_MSG_RESULT([$with_gssapi]) -# -# Kerberos 5 -# -AC_MSG_CHECKING([whether to build with Kerberos 5 support]) -PGAC_ARG_BOOL(with, krb5, no, [build with Kerberos 5 support], -[ - AC_DEFINE(KRB5, 1, [Define to build with Kerberos 5 support. (--with-krb5)]) - krb_srvtab="FILE:\$(sysconfdir)/krb5.keytab" -]) -AC_MSG_RESULT([$with_krb5]) - AC_SUBST(krb_srvtab) @@ -627,11 +616,11 @@ AC_SUBST(krb_srvtab) # Kerberos configuration parameters # PGAC_ARG_REQ(with, krb-srvnam, - [NAME], [default service principal name in Kerberos [postgres]], + [NAME], [default service principal name in Kerberos (GSSAPI) [postgres]], [], [with_krb_srvnam="postgres"]) AC_DEFINE_UNQUOTED([PG_KRB_SRVNAM], ["$with_krb_srvnam"], - [Define to the name of the default PostgreSQL service principal in Kerberos. (--with-krb-srvnam=NAME)]) + [Define to the name of the default PostgreSQL service principal in Kerberos (GSSAPI). (--with-krb-srvnam=NAME)]) # @@ -929,18 +918,6 @@ if test "$with_gssapi" = yes ; then fi fi -if test "$with_krb5" = yes ; then - if test "$PORTNAME" != "win32"; then - AC_SEARCH_LIBS(com_err, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken' com_err 'com_err -lssl -lcrypto'], [], - [AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])]) - AC_SEARCH_LIBS(krb5_sendauth, [krb5 'krb5 -lcrypto -ldes -lasn1 -lroken'], [], - [AC_MSG_ERROR([could not find function 'krb5_sendauth' required for Kerberos 5])]) - else - AC_SEARCH_LIBS(com_err, 'comerr32 -lkrb5_32', [], - [AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])]) - fi -fi - if test "$with_openssl" = yes ; then dnl Order matters! if test "$PORTNAME" != "win32"; then @@ -1061,10 +1038,6 @@ if test "$with_gssapi" = yes ; then [AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])]) fi -if test "$with_krb5" = yes ; then - AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([header file <krb5.h> is required for Kerberos 5])]) -fi - if test "$with_openssl" = yes ; then AC_CHECK_HEADER(openssl/ssl.h, [], [AC_MSG_ERROR([header file <openssl/ssl.h> is required for OpenSSL])]) AC_CHECK_HEADER(openssl/err.h, [], [AC_MSG_ERROR([header file <openssl/err.h> is required for OpenSSL])]) @@ -1160,29 +1133,6 @@ Use --without-zlib to disable zlib support.])], [#include <zlib.h>]) fi -if test "$with_krb5" = yes; then -# Check for differences between MIT and Heimdal (KTH) releases - AC_CHECK_MEMBERS(krb5_ticket.enc_part2, [], - [AC_CHECK_MEMBERS(krb5_ticket.client, [], - [AC_MSG_ERROR([could not determine how to get client name from Kerberos 5 ticket])], - [#include <krb5.h>])], - [#include <krb5.h>]) - AC_CHECK_MEMBERS(krb5_error.text.data, [], - [AC_CHECK_MEMBERS(krb5_error.e_data, [], - [AC_MSG_ERROR([could not determine how to extract Kerberos 5 error messages])], - [#include <krb5.h>])], - [#include <krb5.h>]) - -# Win32 requires headers to be loaded for __stdcall, so can't use -# AC_CHECK_FUNCS here. - AC_MSG_CHECKING(for krb5_free_unparsed_name) - AC_TRY_LINK([#include <krb5.h>], - [krb5_free_unparsed_name(NULL,NULL);], - [AC_DEFINE(HAVE_KRB5_FREE_UNPARSED_NAME, 1, [Define to 1 if you have krb5_free_unparsed_name.]) -AC_MSG_RESULT(yes)], - [AC_MSG_RESULT(no)]) -fi - # On PPC, check if assembler supports LWARX instruction's mutex hint bit case $host_cpu in ppc*|powerpc*) |