| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: longfin missing gssapi_ext.h |
| Date: | 2023-04-10 15:16:47 |
| Message-ID: | 4077651.1681139807@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> Yeah, I wouldn't be the least bit surprised if many folks running
> FreeBSD with any interest in Kerberos have MIT Kerberos installed given
> that Heimdal doesn't seem to be under any kind of ongoing active
> development and is just in this maintenance mode.
Yeah, that's a pretty scary situation for security-critical software.
Maybe we should just desupport Heimdal, rather than investing effort
to the contrary?
Also, the core-code versions of Heimdal in these BSDen are even scarier
than the upstream releases, so I'm thinking that the fact that we
currently compile against them is more a net negative than a positive.
(Same logic as for macOS, really.)
IOW, maybe it'd be okay to de-revert 3d4fa227b and add documentation
saying that --with-gssapi requires MIT Kerberos not Heimdal.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2023-04-10 15:30:14 | Re: longfin missing gssapi_ext.h |
| Previous Message | Tom Lane | 2023-04-10 15:09:41 | Re: pgsql: psql: add an optional execution-count limit to \watch. |