--- ../pgsql-master/configure.in	Fri Nov 16 17:41:19 2001
+++ configure.in	Sat Nov 17 14:29:37 2001
@@ -732,10 +732,12 @@
 fi
 
 if test "$with_krb5" = yes ; then
-  AC_CHECK_LIB(com_err, [com_err], [], [AC_MSG_ERROR([library 'com_err' is required for Kerberos 5])])
-  AC_CHECK_LIB(crypto,  [krb5_encrypt], [],
-    [AC_CHECK_LIB(k5crypto, [krb5_encrypt], [], [AC_MSG_ERROR([library 'crypto' or 'k5crypto' is required for Kerberos 5])])])
-  AC_CHECK_LIB(krb5,    [krb5_sendauth], [], [AC_MSG_ERROR([library 'krb5' is required for Kerberos 5])])
+  AC_SEARCH_LIBS(com_err, [krb5 com_err], [],
+                 [AC_MSG_ERROR([unable to find function 'com_err' required for Kerberos 5])])
+  AC_SEARCH_LIBS(krb5_encrypt, [krb5 crypto k5crypto], [],
+                 [AC_MSG_ERROR([unable to find function 'krb5_encrypt' required for Kerberos 5])])
+  AC_SEARCH_LIBS(krb5_sendauth, [krb5], [],
+                 [AC_MSG_ERROR([unable to find function 'krb5_sendauth' required for Kerberos 5])])
 fi
 
 if test "$with_openssl" = yes ; then
@@ -808,6 +810,21 @@
 PGAC_STRUCT_FCRED
 PGAC_STRUCT_SOCKCRED
 PGAC_STRUCT_SOCKADDR_UN
+
+if test "$with_krb5" = yes; then
+# Check for differences between MIT and Heimdal (KTH) releases
+  PGAC_CHECK_MEMBER([krb5_ticket.enc_part2], [],
+                    [PGAC_CHECK_MEMBER([krb5_ticket.client], [],
+                                       [AC_MSG_ERROR([unable to determine how to get client name from Kerberos 5 ticket])],
+                                       [#include <krb5.h>])],
+                    [#include <krb5.h>])
+  PGAC_CHECK_MEMBER([krb5_error.text.data], [],
+                    [PGAC_CHECK_MEMBER([krb5_error.e_data], [],
+                                       [AC_MSG_ERROR([unable to determine how to extract Kerberos 5 error messages])],
+                                       [#include <krb5.h>])],
+                    [#include <krb5.h>])
+fi
+
 
 ##
 ## Functions, global variables
--- ../pgsql-master/config/c-library.m4	Sat Sep  8 17:25:23 2001
+++ config/c-library.m4	Sat Nov 17 12:32:51 2001
@@ -172,3 +172,34 @@
   AC_DEFINE([STRING_H_WITH_STRINGS_H], 1,
             [Define if string.h and strings.h may both be included])
 fi])
+
+
+# PGAC_CHECK_MEMBER(AGGREGATE.MEMBER,
+#                   [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND],
+#                   [INCLUDES])
+# -----------------------------------------------------------
+
+AC_DEFUN([PGAC_CHECK_MEMBER],
+[changequote(<<, >>)dnl
+dnl The name to #define.
+define(<<pgac_define_name>>, translit(HAVE_$1, [a-z .*], [A-Z__P]))dnl
+dnl The cache variable name.
+define(<<pgac_cache_name>>, translit(pgac_cv_member_$1, [ .*], [__p]))dnl
+changequote([, ])dnl
+AC_CACHE_CHECK([for $1], [pgac_cache_name],
+[AC_TRY_COMPILE([$4],
+[static ]patsubst([$1], [\..*])[ pgac_var;
+if (pgac_var.]patsubst([$1], [^[^.]*\.])[)
+return 0;],
+[pgac_cache_name=yes],
+[pgac_cache_name=no])])
+
+if test x"[$]pgac_cache_name" = x"yes"; then
+  AC_DEFINE_UNQUOTED(pgac_define_name)
+  $2
+else
+  ifelse([$3], [], :, [$3])
+fi
+undefine([pgac_define_name])[]dnl
+undefine([pgac_cache_name])[]dnl
+])
--- ../pgsql-master/src/include/pg_config.h.in	Fri Nov 16 17:41:40 2001
+++ src/include/pg_config.h.in	Sat Nov 17 13:56:33 2001
@@ -622,6 +622,18 @@
 /* Set to 1 if you have struct sockaddr_un */
 #undef HAVE_STRUCT_SOCKADDR_UN
 
+/* Set to 1 if you have krb5_ticket.enc_part2 */
+#undef HAVE_KRB5_TICKET_ENC_PART2
+
+/* Set to 1 if you have krb5_ticket.client */
+#undef HAVE_KRB5_TICKET_CLIENT
+
+/* Set to 1 if you have krb5_error.text.data */
+#undef HAVE_KRB5_ERROR_TEXT_DATA
+
+/* Set to 1 if you have krb5_ticket.e_data */
+#undef HAVE_KRB5_ERROR_E_DATA
+
 /* Set to 1 if type "long int" works and is 64 bits */
 #undef HAVE_LONG_INT_64
 
--- ../pgsql-master/src/backend/libpq/auth.c	Fri Nov  9 00:54:46 2001
+++ src/backend/libpq/auth.c	Sat Nov 17 14:03:46 2001
@@ -229,7 +229,7 @@
 				 " Kerberos error %d\n", retval);
 		com_err("postgres", retval,
 				"while getting server principal for service %s",
-				pg_krb_server_keyfile);
+				PG_KRB_SRVNAM);
 		krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
 		krb5_free_context(pg_krb5_context);
 		return STATUS_ERROR;
@@ -283,8 +283,15 @@
 	 *
 	 * I have no idea why this is considered necessary.
 	 */
+#if defined(HAVE_KRB5_TICKET_ENC_PART2)
 	retval = krb5_unparse_name(pg_krb5_context,
 							   ticket->enc_part2->client, &kusername);
+#elif defined(HAVE_KRB5_TICKET_CLIENT)
+	retval = krb5_unparse_name(pg_krb5_context,
+							   ticket->client, &kusername);
+#else
+#error "bogus configuration"
+#endif
 	if (retval)
 	{
 		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
--- ../pgsql-master/src/interfaces/libpq/fe-auth.c	Fri Nov  9 00:55:17 2001
+++ src/interfaces/libpq/fe-auth.c	Sat Nov 17 13:53:11 2001
@@ -403,9 +403,17 @@
 	{
 		if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
 		{
+#if defined(HAVE_KRB5_ERROR_TEXT_DATA)
 			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 			  libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
 					 err_ret->text.length, err_ret->text.data);
+#elif defined(HAVE_KRB5_ERROR_E_DATA)
+			snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+			  libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
+					 err_ret->e_data->length, err_ret->e_data->data);
+#else
+#error "bogus configuration"
+#endif
 		}
 		else
 		{