fi
+done
+
+ for ac_header in gssapi/gssapi_ext.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_ext.h" "ac_cv_header_gssapi_gssapi_ext_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_gssapi_ext_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_GSSAPI_EXT_H 1
+_ACEOF
+
+else
+ for ac_header in gssapi_ext.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi_ext.h" "ac_cv_header_gssapi_ext_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_ext_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_EXT_H 1
+_ACEOF
+
+else
+ as_fn_error $? "gssapi_ext.h header file is required for GSSAPI" "$LINENO" 5
+fi
+
+done
+
+fi
+
done
fi
if test "$with_gssapi" = yes ; then
AC_CHECK_HEADERS(gssapi/gssapi.h, [],
[AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])])
+ AC_CHECK_HEADERS(gssapi/gssapi_ext.h, [],
+ [AC_CHECK_HEADERS(gssapi_ext.h, [], [AC_MSG_ERROR([gssapi_ext.h header file is required for GSSAPI])])])
fi
PGAC_PATH_PROGS(OPENSSL, openssl)
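Review bot: The added `AC_MSG_ERROR` text says only that gssapi_ext.h is required, which gives a builder with a different Kerberos implementation no hint why configure stopped; the documentation hunks in this commit state that MIT Kerberos is what is needed. Consider `AC_MSG_ERROR([gssapi_ext.h header file is required for GSSAPI; install the MIT Kerberos development headers])`. The check also establishes only that the header exists. If the code depends on particular extension functions (not visible in this hunk), a check for those symbols would fail closer to the real requirement.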
The keytab file is generated using the Kerberos software; see the
Kerberos documentation for details. The following example shows
doing this using the
kadmin tool of
- MIT-compatible Kerberos 5 implementation s:
+ MIT Kerbero s:
kadmin% addprinc -randkey postgres/server.my.domain.org
kadmin% ktadd -k krb5.keytab postgres/server.my.domain.org
- You need
Kerberos ,
OpenLDAP ,
- and/or
PAM , if you want to support authentication
- using those services.
+ You need
MIT Kerberos (for GSSAPI),
+ if you want to support authentication using those services.
--with-gssapi
- Build with support for GSSAPI authentication. On many systems, the
- GSSAPI system (usually a part of the Kerberos installation) is no t
- installed in a location
+ Build with support for GSSAPI authentication. MIT Kerberos is required
+ to be installed for GSSAPI. On many systems, the GSSAPI system (a par t
+ of the MIT Kerberos installation) is not installed in a location
that is searched by default (e.g., /usr/include ,
/usr/lib ), so you must use the options
--with-includes and --with-libraries in
-Dgssapi={ auto | enabled | disabled }
- Build with support for GSSAPI authentication. On many systems, the
- GSSAPI system (usually a part of the Kerberos installation) is not
- installed in a location that is searched by default (e.g.,
- /usr/include , /usr/lib ). In
+ Build with support for GSSAPI authentication. MIT Kerberos is required
+ to be installed for GSSAPI. On many systems, the GSSAPI system (a part
+ of the MIT Kerberos installation) is not installed in a location
+ that is searched by default (e.g., /usr/include ,
+ /usr/lib ). In
those cases, PostgreSQL will query pkg-config to
detect the required compiler and linker options. Defaults to auto.
meson configure will check for the required
have_gssapi = false
endif
+ if not have_gssapi
+ elif cc.check_header('gssapi/gssapi_ext.h', dependencies: gssapi, required: false,
+ args: test_c_args, include_directories: postgres_inc)
+ cdata.set('HAVE_GSSAPI_GSSAPI_EXT_H', 1)
+ elif cc.check_header('gssapi_ext.h', args: test_c_args, dependencies: gssapi, required: gssapiopt)
+ cdata.set('HAVE_GSSAPI_EXT_H', 1)
+ else
+ have_gssapi = false
+ endif
+
if not have_gssapi
elif cc.has_function('gss_init_sec_context', dependencies: gssapi,
args: test_c_args, include_directories: postgres_inc)
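Review bot: The fallback `cc.check_header('gssapi_ext.h', ...)` omits `include_directories: postgres_inc`, which the preceding `gssapi/gssapi_ext.h` check passes, so a header reachable only through those include directories would presumably be missed on the fallback path. Suggested line: `elif cc.check_header('gssapi_ext.h', args: test_c_args, dependencies: gssapi, include_directories: postgres_inc, required: gssapiopt)`. With the option left at `auto`, the `else` branch also sets `have_gssapi = false` without any message, so a build can end up without GSSAPI authentication unnoticed. A `warning('gssapi_ext.h not found, disabling GSSAPI')` in that branch would make the downgrade visible in the configure output.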
gss_cred_id_t delegated_creds;
/*
- * Use the configured keytab, if there is one. Unfortunately, Heimdal
- * doesn't support the cred store extensions, so use the env var.
+ * Use the configured keytab, if there is one. As we now require MIT
+ * Kerberos, we might consider using the credential store extensions in
+ * the future instead of the environment variable.
*/
if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0')
{
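Review bot: The rewritten comment drops the reason the environment variable is used and replaces it with a plan ("As we now require ... we might consider ... in the future"), wording that goes stale and tells the reader nothing about the code below it. The next hunk carries the same comment and the same point applies there. A comment that states the current behaviour and its limitation would serve better, for example `Use the configured keytab, if there is one. It is passed through the environment, which is process-wide;` followed by `the MIT credential store extensions could pass it per call instead.` The body of the `if` lies outside the hunk, so how the variable is set is not checked here.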
PqGSSRecvLength = PqGSSResultLength = PqGSSResultNext = 0;
/*
- * Use the configured keytab, if there is one. Unfortunately, Heimdal
- * doesn't support the cred store extensions, so use the env var.
+ * Use the configured keytab, if there is one. As we now require MIT
+ * Kerberos, we might consider using the credential store extensions in the
+ * future instead of the environment variable.
*/
if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0')
{