Skip site navigation (1) Skip section navigation (2)

Re: Heimdal Kerberos 5 support in 7.1.3

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: "Torbj|rn Lindh" <torbjorn(dot)lindh(at)allgon(dot)se>
Cc: pgsql-ports(at)postgresql(dot)org
Subject: Re: Heimdal Kerberos 5 support in 7.1.3
Date: 2002-02-23 00:38:26
Message-ID: 200202230038.g1N0cQj14154@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-ports
Your patch has been added to the PostgreSQL unapplied patches list at:

	http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.  Will need review along
with other Kerberos patch.

---------------------------------------------------------------------------


Torbj|rn Lindh wrote:
> The following patch allowed me to compile 7.1.3 with krb5 support from the
> Heimdal krb5 port. Configure with --with-heimdal rather than --with-krb5.
> 
> --- ./src/backend/libpq/auth.c.~1~	Thu Mar 22 04:59:30 2001
> +++ ./src/backend/libpq/auth.c	Fri Dec  7 13:31:18 2001
> @@ -277,7 +277,12 @@
>  	 * I have no idea why this is considered necessary.
>  	 */
>  	retval = krb5_unparse_name(pg_krb5_context,
> -							   ticket->enc_part2->client, &kusername);
> +#ifdef HEIMDAL
> +							   ticket->client,
> +#else
> +							   ticket->enc_part2->client,
> +#endif
> +							   &kusername);
>  	if (retval)
>  	{
>  		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
> --- ./src/include/config.h.in.~1~	Sun Apr 15 00:55:02 2001
> +++ ./src/include/config.h.in	Fri Dec  7 12:59:26 2001
> @@ -54,8 +54,12 @@
>  /* Define to build with Kerberos 4 support (--with-krb4[=DIR]) */
>  #undef KRB4
>  
> -/* Define to build with Kerberos 5 support (--with-krb5[=DIR]) */
> +/* Define to build with Kerberos 5 support (--with-krb5[=DIR])
> +   or with Heimdal Kerberos 5 support (--with-heimdal[=DIR])*/
>  #undef KRB5
> +
> +/* Define to build with Heimdal Kerberos 5 support (--with-heimdal[=DIR]) */
> +#undef HEIMDAL
>  
>  /* Kerberos name of the Postgres service principal (--with-krb-srvnam=NAME) */
>  #undef PG_KRB_SRVNAM
> --- ./src/interfaces/libpq/fe-auth.c.~1~	Thu Mar 22 05:01:25 2001
> +++ ./src/interfaces/libpq/fe-auth.c	Fri Dec  7 12:58:01 2001
> @@ -37,6 +37,7 @@
>  #ifdef WIN32
>  #include "win32.h"
>  #else
> +#include <errno.h>
>  #include <unistd.h>
>  #include <fcntl.h>
>  #include <sys/param.h>			/* for MAXHOSTNAMELEN on most */
> @@ -399,9 +400,14 @@
>  	{
>  		if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
>  		{
> +#ifdef HEIMDAL
> +			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
> +					 "pg_krb5_sendauth: authentication rejected.");
> +#else
>  			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
>  					 "pg_krb5_sendauth: authentication rejected: \"%*s\"",
>  					 err_ret->text.length, err_ret->text.data);
> +#endif
>  		}
>  		else
>  		{
> --- ./configure.in.~1~	Thu Aug 16 20:36:31 2001
> +++ ./configure.in	Fri Dec  7 13:03:25 2001
> @@ -470,6 +470,28 @@
>  AC_SUBST(with_krb5)
>  
>  
> +#
> +# Heimdal Kerberos 5
> +#
> +PGAC_ARG_OPTARG(with, heimdal, [  --with-heimdal[=DIR]       build with Heimdal Kerberos 5 support [/usr/heimdal]],
> +              [krb5_prefix=/usr/heimdal],
> +              [krb5_prefix=$withval],
> +[
> +  AC_MSG_RESULT([building with Heimdal Kerberos 5 support])
> +  AC_DEFINE(KRB5, 1, [Define if you are building with Kerberos 5 support.])
> +  AC_DEFINE(HEIMDAL, 1, [Define if you are building with Heimdal Kerberos 5 support.])
> +
> +  if test -d "$krb5_prefix/include"; then
> +    INCLUDES="$INCLUDES -I$krb5_prefix/include"
> +  fi
> +  if test -d "$krb5_prefix/lib"; then
> +    LIBDIRS="$LIBDIRS -L$krb5_prefix/lib"
> +  fi
> +
> +  krb_srvtab="FILE:\$(sysconfdir)/krb5.keytab"
> +])
> +
> +
>  # Using both Kerberos 4 and Kerberos 5 at the same time isn't going to work.
>  if test "$with_krb4" = yes && test "$with_krb5" = yes ; then
>    AC_MSG_ERROR([Kerberos 4 and Kerberos 5 support cannot be combined])
> @@ -692,6 +714,14 @@
>    AC_CHECK_LIB(com_err, [com_err], [], [AC_MSG_ERROR([library 'com_err' is required for Kerberos 5])])
>    AC_CHECK_LIB(crypto,  [krb5_encrypt], [],
>      [AC_CHECK_LIB(k5crypto, [krb5_encrypt], [], [AC_MSG_ERROR([library 'crypto' or 'k5crypto' is required for Kerberos 5])])])
> +  AC_CHECK_LIB(krb5,    [krb5_sendauth], [], [AC_MSG_ERROR([library 'krb5' is required for Kerberos 5])])
> +fi
> +
> +if test "$with_heimdal" = yes ; then
> +  AC_CHECK_LIB(com_err, [com_err], [], [AC_MSG_ERROR([library 'com_err' is required for Heimdal Kerberos 5])])
> +  AC_CHECK_LIB(asn1, [free_Checksum], [], [AC_MSG_ERROR([library 'asn1' is required for Heimdal Kerberos 5])])
> +  AC_CHECK_LIB(roken, [roken_getaddrinfo_hostspec], [], [AC_MSG_ERROR([library 'roken' is required for Heimdal Kerberos 5])])
> +  AC_CHECK_LIB(des, [des_set_odd_parity], [], [AC_MSG_ERROR([library 'des' is required for Heimdal Kerberos 5])])
>    AC_CHECK_LIB(krb5,    [krb5_sendauth], [], [AC_MSG_ERROR([library 'krb5' is required for Kerberos 5])])
>  fi
>  
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
> 
> http://www.postgresql.org/users-lounge/docs/faq.html
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

Responses

pgsql-ports by date

Next:From: Bruce MomjianDate: 2002-02-23 01:37:48
Subject: Re: Heimdal Kerberos 5 support in 7.1.3
Previous:From: Bruce MomjianDate: 2002-02-22 05:34:49
Subject: Re: port to Openserver and Unixware/ GCC

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group