Index: INSTALL =================================================================== RCS file: /projects/cvsroot/pgsql-server/INSTALL,v retrieving revision 1.89 diff -u -r1.89 INSTALL --- INSTALL 2002/11/21 23:33:22 1.89 +++ INSTALL 2003/05/15 20:25:47 @@ -403,20 +403,20 @@ Build the JDBC driver and associated Java packages. - --with-krb4[=DIRECTORY], --with-krb5[=DIRECTORY] + --with-krb5[=DIRECTORY] - Build with support for Kerberos authentication. You can use either - Kerberos version 4 or 5, but not both. The "DIRECTORY" argument - specifies the root directory of the Kerberos installation; "/usr/ - athena" is assumed as default. If the relevant header files and - libraries are not under a common parent directory, then you must - use the "--with-includes" and "--with-libraries" options in - addition to this option. If, on the other hand, the required files - are in a location that is searched by default (e.g., "/usr/lib"), - then you can leave off the argument. - "configure" will check for the required header files and libraries - to make sure that your Kerberos installation is sufficient before - proceeding. + Build with support for Kerberos authentication. The + "DIRECTORY" argument specifies the root directory of the + Kerberos installation; "/usr/athena" is assumed as + default. If the relevant header files and libraries are + not under a common parent directory, then you must use the + "--with-includes" and "--with-libraries" options in + addition to this option. If, on the other hand, the + required files are in a location that is searched by + default (e.g., "/usr/lib"), then you can leave off the + argument. "configure" will check for the required header + files and libraries to make sure that your Kerberos + installation is sufficient before proceeding. --with-krb-srvnam=NAME Index: configure =================================================================== RCS file: /projects/cvsroot/pgsql-server/configure,v retrieving revision 1.260 diff -u -r1.260 configure --- configure 2003/05/15 17:59:16 1.260 +++ configure 2003/05/15 20:25:55 @@ -862,7 +862,6 @@ --with-perl build Perl modules (PL/Perl) --with-python build Python interface module --with-java build JDBC interface and Java tools - --with-krb4[=DIR] build with Kerberos 4 support [/usr/athena] --with-krb5[=DIR] build with Kerberos 5 support [/usr/athena] --with-krb-srvnam=NAME name of the service principal in Kerberos postgres --with-pam build with PAM support @@ -3158,64 +3157,6 @@ # -# Kerberos 4 -# -echo "$as_me:$LINENO: checking whether to build with Kerberos 4 support" >&5 -echo $ECHO_N "checking whether to build with Kerberos 4 support... $ECHO_C" >&6 - - - -# Check whether --with-krb4 or --without-krb4 was given. -if test "${with_krb4+set}" = set; then - withval="$with_krb4" - - case $withval in - yes) - krb4_prefix=/usr/athena - ;; - no) - : - ;; - *) - with_krb4=yes -krb4_prefix=$withval - ;; - esac - -else - with_krb4=no -fi; - - -if test "$with_krb4" = yes; then - - echo "$as_me:$LINENO: result: yes" >&5 -echo "${ECHO_T}yes" >&6 - -cat >>confdefs.h <<\_ACEOF -#define KRB4 1 -_ACEOF - - - if test -d "$krb4_prefix/include"; then - INCLUDES="$INCLUDES -I$krb4_prefix/include" - fi - if test -d "$krb4_prefix/lib"; then - LIBDIRS="$LIBDIRS -L$krb4_prefix/lib" - fi - - krb_srvtab="/etc/srvtab" - -else - echo "$as_me:$LINENO: result: no" >&5 -echo "${ECHO_T}no" >&6 -fi - - - - - -# # Kerberos 5 # echo "$as_me:$LINENO: checking whether to build with Kerberos 5 support" >&5 @@ -3273,16 +3214,6 @@ -# Using both Kerberos 4 and Kerberos 5 at the same time isn't going to work. -if test "$with_krb4" = yes && test "$with_krb5" = yes ; then - { { echo "$as_me:$LINENO: error: Kerberos 4 and Kerberos 5 support cannot be combined" >&5 -echo "$as_me: error: Kerberos 4 and Kerberos 5 support cannot be combined" >&2;} - { (exit 1); exit 1; }; } -fi - - - - # # Kerberos configuration parameters # @@ -5991,226 +5922,6 @@ fi -if test "$with_krb4" = yes ; then - -echo "$as_me:$LINENO: checking for des_encrypt in -ldes" >&5 -echo $ECHO_N "checking for des_encrypt in -ldes... $ECHO_C" >&6 -if test "${ac_cv_lib_des_des_encrypt+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-ldes $LIBS" -cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char des_encrypt (); -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -des_encrypt (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_des_des_encrypt=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_lib_des_des_encrypt=no -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_des_des_encrypt" >&5 -echo "${ECHO_T}$ac_cv_lib_des_des_encrypt" >&6 -if test $ac_cv_lib_des_des_encrypt = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBDES 1 -_ACEOF - - LIBS="-ldes $LIBS" - -else - { { echo "$as_me:$LINENO: error: library 'des' is required for Kerberos 4" >&5 -echo "$as_me: error: library 'des' is required for Kerberos 4" >&2;} - { (exit 1); exit 1; }; } -fi - - -echo "$as_me:$LINENO: checking for krb_sendauth in -lkrb" >&5 -echo $ECHO_N "checking for krb_sendauth in -lkrb... $ECHO_C" >&6 -if test "${ac_cv_lib_krb_krb_sendauth+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lkrb $LIBS" -cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char krb_sendauth (); -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -krb_sendauth (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_krb_krb_sendauth=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_lib_krb_krb_sendauth=no -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:$LINENO: result: $ac_cv_lib_krb_krb_sendauth" >&5 -echo "${ECHO_T}$ac_cv_lib_krb_krb_sendauth" >&6 -if test $ac_cv_lib_krb_krb_sendauth = yes; then - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBKRB 1 -_ACEOF - - LIBS="-lkrb $LIBS" - -else - { { echo "$as_me:$LINENO: error: library 'krb' is required for Kerberos 4" >&5 -echo "$as_me: error: library 'krb' is required for Kerberos 4" >&2;} - { (exit 1); exit 1; }; } -fi - - -for ac_func in gethostname -do -as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:$LINENO: checking for $ac_func" >&5 -echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 -if eval "test \"\${$as_ac_var+set}\" = set"; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func (); below. */ -#include -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func (); -char (*f) (); - -#ifdef F77_DUMMY_MAIN -# ifdef __cplusplus - extern "C" -# endif - int F77_DUMMY_MAIN() { return 1; } -#endif -int -main () -{ -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined (__stub_$ac_func) || defined (__stub___$ac_func) -choke me -#else -f = $ac_func; -#endif - - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - eval "$as_ac_var=yes" -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -eval "$as_ac_var=no" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -fi -echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 -echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 -if test `eval echo '${'$as_ac_var'}'` = yes; then - cat >>confdefs.h <<_ACEOF -#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF - -else - LIBOBJS="$LIBOBJS $ac_func.$ac_objext" -fi -done - - -fi - if test "$with_krb5" = yes ; then echo "$as_me:$LINENO: checking for library containing com_err" >&5 echo $ECHO_N "checking for library containing com_err... $ECHO_C" >&6 @@ -8098,119 +7809,6 @@ fi -if test "$with_krb4" = yes ; then - if test "${ac_cv_header_krb_h+set}" = set; then - echo "$as_me:$LINENO: checking for krb.h" >&5 -echo $ECHO_N "checking for krb.h... $ECHO_C" >&6 -if test "${ac_cv_header_krb_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -fi -echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 -echo "${ECHO_T}$ac_cv_header_krb_h" >&6 -else - # Is the header compilable? -echo "$as_me:$LINENO: checking krb.h usability" >&5 -echo $ECHO_N "checking krb.h usability... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -$ac_includes_default -#include -_ACEOF -rm -f conftest.$ac_objext -if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 - (eval $ac_compile) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_header_compiler=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_header_compiler=no -fi -rm -f conftest.$ac_objext conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -echo "${ECHO_T}$ac_header_compiler" >&6 - -# Is the header present? -echo "$as_me:$LINENO: checking krb.h presence" >&5 -echo $ECHO_N "checking krb.h presence... $ECHO_C" >&6 -cat >conftest.$ac_ext <<_ACEOF -#line $LINENO "configure" -#include "confdefs.h" -#include -_ACEOF -if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 - (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 - ac_status=$? - egrep -v '^ *\+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } >/dev/null; then - if test -s conftest.err; then - ac_cpp_err=$ac_c_preproc_warn_flag - else - ac_cpp_err= - fi -else - ac_cpp_err=yes -fi -if test -z "$ac_cpp_err"; then - ac_header_preproc=yes -else - echo "$as_me: failed program was:" >&5 - cat conftest.$ac_ext >&5 - ac_header_preproc=no -fi -rm -f conftest.err conftest.$ac_ext -echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -echo "${ECHO_T}$ac_header_preproc" >&6 - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc in - yes:no ) - { echo "$as_me:$LINENO: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&5 -echo "$as_me: WARNING: krb.h: accepted by the compiler, rejected by the preprocessor!" >&2;} - { echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: krb.h: proceeding with the preprocessor's result" >&2;};; - no:yes ) - { echo "$as_me:$LINENO: WARNING: krb.h: present but cannot be compiled" >&5 -echo "$as_me: WARNING: krb.h: present but cannot be compiled" >&2;} - { echo "$as_me:$LINENO: WARNING: krb.h: check for missing prerequisite headers?" >&5 -echo "$as_me: WARNING: krb.h: check for missing prerequisite headers?" >&2;} - { echo "$as_me:$LINENO: WARNING: krb.h: proceeding with the preprocessor's result" >&5 -echo "$as_me: WARNING: krb.h: proceeding with the preprocessor's result" >&2;};; -esac -echo "$as_me:$LINENO: checking for krb.h" >&5 -echo $ECHO_N "checking for krb.h... $ECHO_C" >&6 -if test "${ac_cv_header_krb_h+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_cv_header_krb_h=$ac_header_preproc -fi -echo "$as_me:$LINENO: result: $ac_cv_header_krb_h" >&5 -echo "${ECHO_T}$ac_cv_header_krb_h" >&6 - -fi -if test $ac_cv_header_krb_h = yes; then - : -else - { { echo "$as_me:$LINENO: error: header file is required for Kerberos 4" >&5 -echo "$as_me: error: header file is required for Kerberos 4" >&2;} - { (exit 1); exit 1; }; } -fi - - -fi - if test "$with_krb5" = yes ; then if test "${ac_cv_header_krb5_h+set}" = set; then echo "$as_me:$LINENO: checking for krb5.h" >&5 @@ -17176,7 +16774,6 @@ s,@with_python@,$with_python,;t t s,@ANT@,$ANT,;t t s,@with_java@,$with_java,;t t -s,@with_krb4@,$with_krb4,;t t s,@with_krb5@,$with_krb5,;t t s,@krb_srvtab@,$krb_srvtab,;t t s,@with_pam@,$with_pam,;t t Index: configure.in =================================================================== RCS file: /projects/cvsroot/pgsql-server/configure.in,v retrieving revision 1.251 diff -u -r1.251 configure.in --- configure.in 2003/05/15 17:59:17 1.251 +++ configure.in 2003/05/15 20:25:55 @@ -27,7 +27,7 @@ AC_SUBST(docdir) AC_PREREQ(2.53) -AC_COPYRIGHT([Copyright 2002 PostgreSQL Global Development Group]) +AC_COPYRIGHT([Copyright 2003 PostgreSQL Global Development Group]) AC_CONFIG_SRCDIR([src/backend/access/common/heaptuple.c]) AC_CONFIG_AUX_DIR(config) AC_PREFIX_DEFAULT(/usr/local/pgsql) @@ -392,31 +413,6 @@ dnl is non-standard. # -# Kerberos 4 -# -AC_MSG_CHECKING([whether to build with Kerberos 4 support]) -PGAC_ARG_OPTARG(with, krb4, [[ --with-krb4[=DIR] build with Kerberos 4 support [/usr/athena]]], - [krb4_prefix=/usr/athena], - [krb4_prefix=$withval], -[ - AC_MSG_RESULT(yes) - AC_DEFINE(KRB4, 1, [Define to build with Kerberos 4 support. (--with-krb4)]) - - if test -d "$krb4_prefix/include"; then - INCLUDES="$INCLUDES -I$krb4_prefix/include" - fi - if test -d "$krb4_prefix/lib"; then - LIBDIRS="$LIBDIRS -L$krb4_prefix/lib" - fi - - krb_srvtab="/etc/srvtab" -], -[AC_MSG_RESULT(no)]) - -AC_SUBST(with_krb4) - - -# # Kerberos 5 # AC_MSG_CHECKING([whether to build with Kerberos 5 support]) @@ -439,13 +435,6 @@ [AC_MSG_RESULT(no)]) AC_SUBST(with_krb5) - - -# Using both Kerberos 4 and Kerberos 5 at the same time isn't going to work. -if test "$with_krb4" = yes && test "$with_krb5" = yes ; then - AC_MSG_ERROR([Kerberos 4 and Kerberos 5 support cannot be combined]) -fi - AC_SUBST(krb_srvtab) @@ -636,12 +625,6 @@ Use --without-zlib to disable zlib support.])]) fi -if test "$with_krb4" = yes ; then - AC_CHECK_LIB(des, des_encrypt, [], [AC_MSG_ERROR([library 'des' is required for Kerberos 4])]) - AC_CHECK_LIB(krb, krb_sendauth, [], [AC_MSG_ERROR([library 'krb' is required for Kerberos 4])]) - AC_REPLACE_FUNCS([gethostname]) -fi - if test "$with_krb5" = yes ; then AC_SEARCH_LIBS(com_err, [krb5 'krb5 -ldes -lasn1 -lroken' com_err], [], [AC_MSG_ERROR([could not find function 'com_err' required for Kerberos 5])]) @@ -703,10 +686,6 @@ Use --without-zlib to disable zlib support.])]) fi -if test "$with_krb4" = yes ; then - AC_CHECK_HEADER(krb.h, [], [AC_MSG_ERROR([header file is required for Kerberos 4])]) -fi - if test "$with_krb5" = yes ; then AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([header file is required for Kerberos 5])]) AC_CHECK_HEADER(com_err.h, [], [AC_MSG_ERROR([header file is required for Kerberos 5])]) Index: doc/src/sgml/client-auth.sgml =================================================================== RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/client-auth.sgml,v retrieving revision 1.46 diff -u -r1.46 client-auth.sgml --- doc/src/sgml/client-auth.sgml 2003/03/13 01:30:26 1.46 +++ doc/src/sgml/client-auth.sgml 2003/05/15 20:26:01 @@ -269,17 +269,6 @@ - krb4 - - - Kerberos V4 is used to authenticate the user. This is only - available for TCP/IP connections. See for details. - - - - - krb5 @@ -582,8 +571,13 @@ In order to use Kerberos, support for it must be enabled at build time. See for more - information. Both Kerberos 4 and 5 are supported, but only one - version can be supported in any one build. + information. Kerberos 4 was formerly supported, however due to fundamental + cryptographic weaknesses in the protocol, support for kerberos 4 has been + removed. Any organizations still using kerberos 4 are strongly advised to + upgrade to kerberos 5 as quickly as possible. See the MIT Kerberos + Security Advisory MITKRB5-SA-2003-004 + for details. @@ -613,11 +607,9 @@ account. (See also ). The location of the key file is specified with the krb_server_keyfile run-time configuration parameter. (See also .) The default is /etc/srvtab - if you are using Kerberos 4 and + linkend="runtime-config">.) The default is FILE:/usr/local/pgsql/etc/krb5.keytab (or whichever - directory was specified as sysconfdir at build time) - with Kerberos 5. + directory was specified as sysconfdir at build time). Index: doc/src/sgml/installation.sgml =================================================================== RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/installation.sgml,v retrieving revision 1.132 diff -u -r1.132 installation.sgml --- doc/src/sgml/installation.sgml 2003/03/25 16:15:36 1.132 +++ doc/src/sgml/installation.sgml 2003/05/15 20:26:04 @@ -824,12 +824,10 @@ - - Build with support for Kerberos authentication. You can use - either Kerberos version 4 or 5, but not both. The + Build with support for Kerberos authentication. The DIRECTORY argument specifies the root directory of the Kerberos installation; /usr/athena is assumed as default. If the Index: doc/src/sgml/release.sgml =================================================================== RCS file: /projects/cvsroot/pgsql-server/doc/src/sgml/release.sgml,v retrieving revision 1.188 diff -u -r1.188 release.sgml --- doc/src/sgml/release.sgml 2003/05/15 15:50:18 1.188 +++ doc/src/sgml/release.sgml 2003/05/15 20:26:08 @@ -46,6 +46,7 @@ Long options for psql and pg_dump are now available on all platforms Read-only transactions Object owners can allow grantees to grant the privilege to others (grant option) +Kerberos 4 support removed due to security vulnerabilities in the krb4 protocol ]]> Index: src/backend/libpq/auth.c =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/auth.c,v retrieving revision 1.101 diff -u -r1.101 auth.c --- src/backend/libpq/auth.c 2003/04/25 03:28:55 1.101 +++ src/backend/libpq/auth.c 2003/05/15 20:26:08 @@ -66,79 +66,7 @@ * into pam_passwd_conv_proc */ #endif /* USE_PAM */ -#ifdef KRB4 -/*---------------------------------------------------------------- - * MIT Kerberos authentication system - protocol version 4 - *---------------------------------------------------------------- - */ -#include "krb.h" - -/* - * pg_krb4_recvauth -- server routine to receive authentication information - * from the client - * - * Nothing unusual here, except that we compare the username obtained from - * the client's setup packet to the authenticated name. (We have to retain - * the name in the setup packet since we have to retain the ability to handle - * unauthenticated connections.) - */ -static int -pg_krb4_recvauth(Port *port) -{ - long krbopts = 0; /* one-way authentication */ - KTEXT_ST clttkt; - char instance[INST_SZ + 1], - version[KRB_SENDAUTH_VLEN + 1]; - AUTH_DAT auth_data; - Key_schedule key_sched; - int status; - - strcpy(instance, "*"); /* don't care, but arg gets expanded - * anyway */ - status = krb_recvauth(krbopts, - port->sock, - &clttkt, - PG_KRB_SRVNAM, - instance, - &port->raddr.in, - &port->laddr.in, - &auth_data, - pg_krb_server_keyfile, - key_sched, - version); - if (status != KSUCCESS) - { - elog(LOG, "pg_krb4_recvauth: kerberos error: %s", - krb_err_txt[status]); - return STATUS_ERROR; - } - if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN) != 0) - { - elog(LOG, "pg_krb4_recvauth: protocol version \"%s\" != \"%s\"", - version, PG_KRB4_VERSION); - return STATUS_ERROR; - } - if (strncmp(port->user_name, auth_data.pname, SM_DATABASE_USER) != 0) - { - elog(LOG, "pg_krb4_recvauth: name \"%s\" != \"%s\"", - port->user_name, auth_data.pname); - return STATUS_ERROR; - } - return STATUS_OK; -} - -#else - -static int -pg_krb4_recvauth(Port *port) -{ - elog(LOG, "pg_krb4_recvauth: Kerberos not implemented on this server"); - return STATUS_ERROR; -} -#endif /* KRB4 */ - - #ifdef KRB5 /*---------------------------------------------------------------- * MIT Kerberos authentication system - protocol version 5 @@ -234,8 +162,10 @@ * from the client * * We still need to compare the username obtained from the client's setup - * packet to the authenticated name, as described in pg_krb4_recvauth. This - * is a bit more problematic in v5, as described above in pg_an_to_ln. + * packet to the authenticated name. (We have to retain the name in thei + * setup packet since we have to retain the ability to handle + * unauthenticated connections.) This is a bit more problematic in v5, as + * described above in pg_an_to_ln. * * We have our own keytab file because postgres is unlikely to run as root, * and so cannot read the default keytab. @@ -353,9 +283,6 @@ case uaReject: authmethod = "Rejected host:"; break; - case uaKrb4: - authmethod = "Kerberos4"; - break; case uaKrb5: authmethod = "Kerberos5"; break; @@ -430,11 +357,6 @@ hostinfo, port->user_name, port->database_name); break; } - - case uaKrb4: - sendAuthRequest(port, AUTH_REQ_KRB4); - status = pg_krb4_recvauth(port); - break; case uaKrb5: sendAuthRequest(port, AUTH_REQ_KRB5); Index: src/backend/libpq/hba.c =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v retrieving revision 1.100 diff -u -r1.100 hba.c --- src/backend/libpq/hba.c 2003/04/25 01:24:00 1.100 +++ src/backend/libpq/hba.c 2003/05/15 20:26:09 @@ -494,8 +494,6 @@ *userauth_p = uaIdent; else if (strcmp(token, "password") == 0) *userauth_p = uaPassword; - else if (strcmp(token, "krb4") == 0) - *userauth_p = uaKrb4; else if (strcmp(token, "krb5") == 0) *userauth_p = uaKrb5; else if (strcmp(token, "reject") == 0) @@ -578,8 +576,7 @@ /* * Disallow auth methods that always need AF_INET sockets to work. */ - if (port->auth_method == uaKrb4 || - port->auth_method == uaKrb5) + if (port->auth_method == uaKrb5) goto hba_syntax; if (port->raddr.sa.sa_family != AF_UNIX) Index: src/backend/libpq/pg_hba.conf.sample =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v retrieving revision 1.41 diff -u -r1.41 pg_hba.conf.sample --- src/backend/libpq/pg_hba.conf.sample 2003/01/06 03:18:26 1.41 +++ src/backend/libpq/pg_hba.conf.sample 2003/05/15 20:26:09 @@ -19,8 +19,8 @@ # USER can be "all", an actual user name or a group name prefixed with # "+" or a list containing either. IP-ADDRESS and IP-MASK specify the # set of hosts the record matches. METHOD can be "trust", "reject", -# "md5", "crypt", "password", "krb4", "krb5", "ident", or "pam". Note -# that "password" uses clear-text passwords; "md5" is preferred for +# "md5", "crypt", "password", "krb5", "ident", or "pam". Note that +# "password" uses clear-text passwords; "md5" is preferred for # encrypted passwords. OPTION is the ident map or the name of the PAM # service. # Index: src/backend/po/ru.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/po/ru.po,v retrieving revision 1.10 diff -u -r1.10 ru.po --- src/backend/po/ru.po 2002/11/19 17:21:39 1.10 +++ src/backend/po/ru.po 2003/05/15 20:26:14 @@ -5758,25 +5758,6 @@ msgid "pq_getint: unsupported size %d" msgstr "" -#: libpq/auth.c:106 -#, c-format -msgid "pg_krb4_recvauth: kerberos error: %s" -msgstr "" - -#: libpq/auth.c:112 -#, c-format -msgid "pg_krb4_recvauth: protocol version \"%s\" != \"%s\"" -msgstr "" - -#: libpq/auth.c:118 -#, c-format -msgid "pg_krb4_recvauth: name \"%s\" != \"%s\"" -msgstr "" - -#: libpq/auth.c:130 -msgid "pg_krb4_recvauth: Kerberos not implemented on this server" -msgstr "" - #: libpq/auth.c:190 #, c-format msgid "pg_krb5_init: krb5_init_context returned Kerberos error %d" Index: src/backend/po/sv.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/po/sv.po,v retrieving revision 1.3 diff -u -r1.3 sv.po --- src/backend/po/sv.po 2002/11/19 17:21:39 1.3 +++ src/backend/po/sv.po 2003/05/15 20:26:19 @@ -5648,25 +5648,6 @@ msgid "Memory exhausted in DLNewElem" msgstr "" -#: libpq/auth.c:106 -#, c-format -msgid "pg_krb4_recvauth: kerberos error: %s" -msgstr "" - -#: libpq/auth.c:112 -#, c-format -msgid "pg_krb4_recvauth: protocol version \"%s\" != \"%s\"" -msgstr "" - -#: libpq/auth.c:118 -#, c-format -msgid "pg_krb4_recvauth: name \"%s\" != \"%s\"" -msgstr "" - -#: libpq/auth.c:130 -msgid "pg_krb4_recvauth: Kerberos not implemented on this server" -msgstr "" - #: libpq/auth.c:190 #, c-format msgid "pg_krb5_init: krb5_init_context returned Kerberos error %d" Index: src/include/libpq/auth.h =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/include/libpq/auth.h,v retrieving revision 1.22 diff -u -r1.22 auth.h --- src/include/libpq/auth.h 2003/04/17 22:26:01 1.22 +++ src/include/libpq/auth.h 2003/05/15 20:26:19 @@ -23,8 +23,7 @@ extern void ClientAuthentication(Port *port); -#define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */ -#define PG_KRB5_VERSION "PGVER5.1" +#define PG_KRB5_VERSION "PGVER5.1" /* at most KRB_SENDAUTH_VLEN chars */ extern char *pg_krb_server_keyfile; Index: src/include/libpq/hba.h =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/include/libpq/hba.h,v retrieving revision 1.33 diff -u -r1.33 hba.h --- src/include/libpq/hba.h 2003/04/17 22:26:01 1.33 +++ src/include/libpq/hba.h 2003/05/15 20:26:19 @@ -29,7 +29,6 @@ typedef enum UserAuth { uaReject, - uaKrb4, uaKrb5, uaTrust, uaIdent, Index: src/include/libpq/pqcomm.h =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/include/libpq/pqcomm.h,v retrieving revision 1.85 diff -u -r1.85 pqcomm.h --- src/include/libpq/pqcomm.h 2003/05/08 18:33:32 1.85 +++ src/include/libpq/pqcomm.h 2003/05/15 20:26:19 @@ -161,7 +161,7 @@ /* These are the authentication request codes sent by the backend. */ #define AUTH_REQ_OK 0 /* User is authenticated */ -#define AUTH_REQ_KRB4 1 /* Kerberos V4 */ +#define AUTH_REQ_KRB4 1 /* Kerberos V4 - not supported/removed */ #define AUTH_REQ_KRB5 2 /* Kerberos V5 */ #define AUTH_REQ_PASSWORD 3 /* Password */ #define AUTH_REQ_CRYPT 4 /* crypt password */ Index: src/include/pg_config.h.in =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/include/pg_config.h.in,v retrieving revision 1.46 diff -u -r1.46 pg_config.h.in --- src/include/pg_config.h.in 2003/05/07 03:47:08 1.46 +++ src/include/pg_config.h.in 2003/05/15 20:26:20 @@ -494,9 +494,6 @@ /* Define to the appropriate snprintf format for 64-bit ints, if any. */ #undef INT64_FORMAT -/* Define to build with Kerberos 4 support. (--with-krb4) */ -#undef KRB4 - /* Define to build with Kerberos 5 support. (--with-krb5) */ #undef KRB5 Index: src/include/port.h =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/include/port.h,v retrieving revision 1.1 diff -u -r1.1 port.h --- src/include/port.h 2003/05/15 16:35:29 1.1 +++ src/include/port.h 2003/05/15 20:26:20 @@ -61,10 +61,6 @@ extern int isinf(double x); #endif -#if !defined(HAVE_GETHOSTNAME) && defined(KRB4) -extern int gethostname(char *name, int namelen); -#endif - #ifndef HAVE_RINT extern double rint(double x); #endif Index: src/interfaces/jdbc/org/postgresql/errors.properties =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/jdbc/org/postgresql/errors.properties,v retrieving revision 1.19 diff -u -r1.19 errors.properties --- src/interfaces/jdbc/org/postgresql/errors.properties 2003/03/14 01:21:47 1.19 +++ src/interfaces/jdbc/org/postgresql/errors.properties 2003/05/15 20:26:20 @@ -12,7 +12,6 @@ postgresql.con.fathom:Unable to fathom update count {0} postgresql.con.garbled:Garbled data received. postgresql.con.ioerror:An IO erro occured while sending to the backend - {0} -postgresql.con.kerb4:Kerberos 4 authentication is not supported by this driver. postgresql.con.kerb5:Kerberos 5 authentication is not supported by this driver. postgresql.con.misc:A connection error has occurred: {0} postgresql.con.multres:Cannot handle multiple result groups. Index: src/interfaces/jdbc/org/postgresql/errors_de.properties =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/jdbc/org/postgresql/errors_de.properties,v retrieving revision 1.4 diff -u -r1.4 errors_de.properties --- src/interfaces/jdbc/org/postgresql/errors_de.properties 2003/02/12 06:13:04 1.4 +++ src/interfaces/jdbc/org/postgresql/errors_de.properties 2003/05/15 20:26:20 @@ -13,7 +13,6 @@ postgresql.con.garbled:Unverständliche Daten wurden empfangen. postgresql.con.ioerror:Eingabe/Ausgabe-Fehler: {0} postgresql.con.isolevel:Transaktionsisolation {0} wird nicht unterstützt. -postgresql.con.kerb4:Kerberos-IV-Authentifizierung wird von diesem Treiber nicht unterstützt. postgresql.con.kerb5:Kerberos-V-Authentifizierung wird von diesem Treiber nicht unterstützt. postgresql.con.multres:Mehrere Ergebnisgruppen können nicht verarbeitet werden. postgresql.con.pass:Das Paßwort fehlt. Index: src/interfaces/jdbc/org/postgresql/errors_it.properties =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/jdbc/org/postgresql/errors_it.properties,v retrieving revision 1.4 diff -u -r1.4 errors_it.properties --- src/interfaces/jdbc/org/postgresql/errors_it.properties 2002/04/02 06:24:09 1.4 +++ src/interfaces/jdbc/org/postgresql/errors_it.properties 2003/05/15 20:26:21 @@ -13,7 +13,6 @@ postgresql.con.fathom:Impossibile il conteggio di ``update'' {0} postgresql.con.garbled:Ricevuti dati incomprensibili. postgresql.con.ioerror:Si è verificato un errore di I/O nella spedizione di dati al processo server - {0} -postgresql.con.kerb4:L'autenticazione di tipo ``Kerberos 4'' non è supportata da questo driver. postgresql.con.kerb5:L'autenticazione di tipo ``Kerberos 5'' non è supportata da questo driver. postgresql.con.multres:Impossibile gestire gruppi multipli di risultati. postgresql.con.pass:La proprietà ``password'' è mancante. E` obbligatoria. Index: src/interfaces/jdbc/org/postgresql/errors_nl.properties =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/jdbc/org/postgresql/errors_nl.properties,v retrieving revision 1.3 diff -u -r1.3 errors_nl.properties --- src/interfaces/jdbc/org/postgresql/errors_nl.properties 2002/04/02 06:24:09 1.3 +++ src/interfaces/jdbc/org/postgresql/errors_nl.properties 2003/05/15 20:26:21 @@ -8,7 +8,6 @@ postgresql.con.fathom:Niet in staat om the update telling te peilen {0} postgresql.con.garbled:Verminkte data ontvangen. postgresql.con.ioerror:Een I/O fout trad op tijdens het zenden naar de achterkant - {0} -postgresql.con.kerb4:Kerberos 4 authenticatie wordt niet ondersteund door deze driver. postgresql.con.kerb5:Kerberos 5 authenticatie wordt niet ondersteund door deze driver. postgresql.con.multres:Kan niet omgaan met meerdere resultaat groepen. postgresql.con.pass:Het password, welke verplicht is, ontbreekt. Index: src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java,v retrieving revision 1.18 diff -u -r1.18 AbstractJdbc1Connection.java --- src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java 2003/03/19 04:06:20 1.18 +++ src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Connection.java 2003/05/15 20:26:22 @@ -320,11 +320,6 @@ case AUTH_REQ_OK: break; - case AUTH_REQ_KRB4: - if (Driver.logDebug) - Driver.debug("postgresql: KRB4"); - throw new PSQLException("postgresql.con.kerb4"); - case AUTH_REQ_KRB5: if (Driver.logDebug) Driver.debug("postgresql: KRB5"); Index: src/interfaces/libpq/fe-auth.c =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v retrieving revision 1.77 diff -u -r1.77 fe-auth.c --- src/interfaces/libpq/fe-auth.c 2003/05/15 16:35:30 1.77 +++ src/interfaces/libpq/fe-auth.c 2003/05/15 20:26:22 @@ -64,7 +64,7 @@ */ #define STARTUP_MSG 7 /* Initialise a connection */ -#define STARTUP_KRB4_MSG 10 /* krb4 session follows */ +#define STARTUP_KRB4_MSG 10 /* krb4 session follows - krb4 removed */ #define STARTUP_KRB5_MSG 11 /* krb5 session follows */ #define STARTUP_PASSWORD_MSG 14 /* Password follows */ @@ -87,156 +87,22 @@ * isn't any authentication system. */ static const struct authsvc authsvcs[] = { -#ifdef KRB4 - {"krb4", STARTUP_KRB4_MSG, 1}, - {"kerberos", STARTUP_KRB4_MSG, 1}, -#endif /* KRB4 */ #ifdef KRB5 {"krb5", STARTUP_KRB5_MSG, 1}, {"kerberos", STARTUP_KRB5_MSG, 1}, #endif /* KRB5 */ {UNAUTHNAME, STARTUP_MSG, -#if defined(KRB4) || defined(KRB5) +#if defined(KRB5) 0 -#else /* !(KRB4 || KRB5) */ +#else /* !(KRB5) */ 1 -#endif /* !(KRB4 || KRB5) */ +#endif /* !(KRB5) */ }, {"password", STARTUP_PASSWORD_MSG, 0} }; static const int n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc); -#ifdef KRB4 -/* - * MIT Kerberos authentication system - protocol version 4 - */ - -#include "krb.h" - -/* for some reason, this is not defined in krb.h ... */ -extern char *tkt_string(void); - -/* - * pg_krb4_init -- initialization performed before any Kerberos calls are made - * - * For v4, all we need to do is make sure the library routines get the right - * ticket file if we want them to see a special one. (They will open the file - * themselves.) - */ -static void -pg_krb4_init() -{ - char *realm; - static int init_done = 0; - - if (init_done) - return; - init_done = 1; - - /* - * If the user set PGREALM, then we use a ticket file with a special - * name: @ - */ - if ((realm = getenv("PGREALM"))) - { - char tktbuf[MAXPGPATH]; - - (void) snprintf(tktbuf, sizeof(tktbuf), "%s@%s", tkt_string(), realm); - krb_set_tkt_string(tktbuf); - } -} - -/* - * pg_krb4_authname -- returns a pointer to static space containing whatever - * name the user has authenticated to the system - * - * We obtain this information by digging around in the ticket file. - */ -static char * -pg_krb4_authname(char *PQerrormsg) -{ - char instance[INST_SZ + 1]; - char realm[REALM_SZ + 1]; - int status; - static char name[SNAME_SZ + 1] = ""; - - if (name[0]) - return name; - - pg_krb4_init(); - - name[SNAME_SZ] = '\0'; - status = krb_get_tf_fullname(tkt_string(), name, instance, realm); - if (status != KSUCCESS) - { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb4_authname: krb_get_tf_fullname: %s\n", - krb_err_txt[status]); - return (char *) NULL; - } - return name; -} - -/* - * pg_krb4_sendauth -- client routine to send authentication information to - * the server - * - * This routine does not do mutual authentication, nor does it return enough - * information to do encrypted connections. But then, if we want to do - * encrypted connections, we'll have to redesign the whole RPC mechanism - * anyway. - * - * If the user is too lazy to feed us a hostname, we try to come up with - * something other than "localhost" since the hostname is used as an - * instance and instance names in v4 databases are usually actual hostnames - * (canonicalized to omit all domain suffixes). - */ -static int -pg_krb4_sendauth(char *PQerrormsg, int sock, - struct sockaddr_in * laddr, - struct sockaddr_in * raddr, - const char *hostname) -{ - long krbopts = 0; /* one-way authentication */ - KTEXT_ST clttkt; - int status; - char hostbuf[MAXHOSTNAMELEN]; - const char *realm = getenv("PGREALM"); /* NULL == current realm */ - - if (!hostname || !(*hostname)) - { - if (gethostname(hostbuf, MAXHOSTNAMELEN) < 0) - strcpy(hostbuf, "localhost"); - hostname = hostbuf; - } - - pg_krb4_init(); - - status = krb_sendauth(krbopts, - sock, - &clttkt, - PG_KRB_SRVNAM, - hostname, - realm, - (u_long) 0, - (MSG_DAT *) NULL, - (CREDENTIALS *) NULL, - NULL, - laddr, - raddr, - PG_KRB4_VERSION); - if (status != KSUCCESS) - { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - libpq_gettext("Kerberos 4 error: %s\n"), - krb_err_txt[status]); - return STATUS_ERROR; - } - return STATUS_OK; -} -#endif /* KRB4 */ - #ifdef KRB5 /* * MIT Kerberos authentication system - protocol version 5 @@ -572,7 +438,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, const char *password, char *PQerrormsg) { -#if !defined(KRB4) && !defined(KRB5) +#if !defined(KRB5) (void) hostname; /* not used */ #endif @@ -581,23 +447,6 @@ case AUTH_REQ_OK: break; - case AUTH_REQ_KRB4: -#ifdef KRB4 - if (pg_krb4_sendauth(PQerrormsg, conn->sock, &conn->laddr.in, - &conn->raddr.in, - hostname) != STATUS_OK) - { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - libpq_gettext("Kerberos 4 authentication failed\n")); - return STATUS_ERROR; - } - break; -#else - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - libpq_gettext("Kerberos 4 authentication not supported\n")); - return STATUS_ERROR; -#endif - case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in, @@ -715,17 +564,12 @@ if (authsvc == 0) return NULL; /* leave original error message in place */ -#ifdef KRB4 - if (authsvc == STARTUP_KRB4_MSG) - name = pg_krb4_authname(PQerrormsg); -#endif #ifdef KRB5 if (authsvc == STARTUP_KRB5_MSG) name = pg_krb5_authname(PQerrormsg); #endif if (authsvc == STARTUP_MSG - || (authsvc == STARTUP_KRB4_MSG && !name) || (authsvc == STARTUP_KRB5_MSG && !name)) { #ifdef WIN32 @@ -742,7 +586,7 @@ #endif } - if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB4_MSG && authsvc != STARTUP_KRB5_MSG) + if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB5_MSG) snprintf(PQerrormsg, PQERRORMSG_LENGTH, libpq_gettext("fe_getauthname: invalid authentication system: %d\n"), authsvc); Index: src/interfaces/libpq/fe-auth.h =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.h,v retrieving revision 1.16 diff -u -r1.16 fe-auth.h --- src/interfaces/libpq/fe-auth.h 2002/06/20 20:29:53 1.16 +++ src/interfaces/libpq/fe-auth.h 2003/05/15 20:26:22 @@ -27,11 +27,11 @@ #define UNAUTHNAME "unauth" /* what a frontend uses by default */ -#if !defined(KRB4) && !defined(KRB5) +#if !defined(KRB5) #define DEFAULT_CLIENT_AUTHSVC UNAUTHNAME -#else /* KRB4 || KRB5 */ +#else /* KRB5 */ #define DEFAULT_CLIENT_AUTHSVC "kerberos" -#endif /* KRB4 || KRB5 */ +#endif /* KRB5 */ extern int fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, const char *password, char *PQerrormsg); @@ -39,7 +39,6 @@ extern void fe_setauthsvc(const char *name, char *PQerrormsg); extern char *fe_getauthname(char *PQerrormsg); -#define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */ -#define PG_KRB5_VERSION "PGVER5.1" +#define PG_KRB5_VERSION "PGVER5.1" /* at most KRB_SENDAUTH_VLEN chars */ #endif /* FE_AUTH_H */ Index: src/interfaces/libpq/po/cs.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/cs.po,v retrieving revision 1.1 diff -u -r1.1 cs.po --- src/interfaces/libpq/po/cs.po 2002/08/21 20:42:27 1.1 +++ src/interfaces/libpq/po/cs.po 2003/05/15 20:26:22 @@ -13,11 +13,6 @@ "Content-Type: text/plain; charset=ISO-8859-2\n" "Content-Transfer-Encoding: 8bit\n" -#: fe-auth.c:228 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "Kerberos 4 chyba: %s\n" - #: fe-auth.c:391 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -36,14 +31,6 @@ #: fe-auth.c:490 msgid "SCM_CRED authentication method not supported\n" msgstr "autentifikaèní metoda SCM_CRED není podporována\n" - -#: fe-auth.c:576 -msgid "Kerberos 4 authentication failed\n" -msgstr "Kerberos 4 neùspì¹ná autentifikace\n" - -#: fe-auth.c:582 -msgid "Kerberos 4 authentication not supported\n" -msgstr "Kerberos 4 autentifikace není podporována\n" #: fe-auth.c:593 msgid "Kerberos 5 authentication failed\n" Index: src/interfaces/libpq/po/de.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/de.po,v retrieving revision 1.2 diff -u -r1.2 de.po --- src/interfaces/libpq/po/de.po 2002/09/22 20:57:21 1.2 +++ src/interfaces/libpq/po/de.po 2003/05/15 20:26:22 @@ -16,11 +16,6 @@ "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: fe-auth.c:232 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "Kerberos-4-Fehler: %s\n" - #: fe-auth.c:395 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -41,14 +36,6 @@ #: fe-auth.c:503 msgid "SCM_CRED authentication method not supported\n" msgstr "SCM_CRED-Authentifizierungsmethode nicht unterstützt\n" - -#: fe-auth.c:589 -msgid "Kerberos 4 authentication failed\n" -msgstr "Authentifizierung mit Kerberos 4 schlug fehl\n" - -#: fe-auth.c:595 -msgid "Kerberos 4 authentication not supported\n" -msgstr "Authentifizierung mit Kerberos 4 nicht unterstützt\n" #: fe-auth.c:606 msgid "Kerberos 5 authentication failed\n" Index: src/interfaces/libpq/po/es.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/es.po,v retrieving revision 1.1 diff -u -r1.1 es.po --- src/interfaces/libpq/po/es.po 2002/09/02 22:22:12 1.1 +++ src/interfaces/libpq/po/es.po 2003/05/15 20:26:23 @@ -15,11 +15,6 @@ "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 0.9.6\n" -#: fe-auth.c:232 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "Error de Kerberos 4: %s\n" - #: fe-auth.c:395 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -38,14 +33,6 @@ #: fe-auth.c:503 msgid "SCM_CRED authentication method not supported\n" msgstr "El método de autentificación SCM_CRED no está soportado\n" - -#: fe-auth.c:589 -msgid "Kerberos 4 authentication failed\n" -msgstr "Autentificación Kerberos 4 fallida\n" - -#: fe-auth.c:595 -msgid "Kerberos 4 authentication not supported\n" -msgstr "El método de autentificación Kerberos 4 no está soportado\n" #: fe-auth.c:606 msgid "Kerberos 5 authentication failed\n" Index: src/interfaces/libpq/po/fr.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/fr.po,v retrieving revision 1.1 diff -u -r1.1 fr.po --- src/interfaces/libpq/po/fr.po 2002/08/21 20:42:27 1.1 +++ src/interfaces/libpq/po/fr.po 2003/05/15 20:26:23 @@ -16,11 +16,6 @@ "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: fe-auth.c:228 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "erreur de Kerberos 4: %s\n" - #: fe-auth.c:391 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -39,14 +34,6 @@ #: fe-auth.c:490 msgid "SCM_CRED authentication method not supported\n" msgstr "méthode d'authentification SCM_CRED non supportée\n" - -#: fe-auth.c:576 -msgid "Kerberos 4 authentication failed\n" -msgstr "échec d'authentification Kerberos 4\n" - -#: fe-auth.c:582 -msgid "Kerberos 4 authentication not supported\n" -msgstr "authentification Kerberos 4 non supportée\n" #: fe-auth.c:593 msgid "Kerberos 5 authentication failed\n" Index: src/interfaces/libpq/po/ru.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/ru.po,v retrieving revision 1.3 diff -u -r1.3 ru.po --- src/interfaces/libpq/po/ru.po 2002/10/14 19:04:28 1.3 +++ src/interfaces/libpq/po/ru.po 2003/05/15 20:26:23 @@ -19,11 +19,6 @@ "Content-Type: text/plain; charset=koi8-r\n" "Content-Transfer-Encoding: 8bit\n" -#: fe-auth.c:232 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "ïÛÉÂËÁ Kerberos 4: %s\n" - #: fe-auth.c:395 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -42,14 +37,6 @@ #: fe-auth.c:503 msgid "SCM_CRED authentication method not supported\n" msgstr "áÕÔÅÎÔÉÆÉËÁÃÉÑ SCM_CRED ÎÅ ÐÏÄÄÅÒÖÉ×ÁÅÔÓÑ\n" - -#: fe-auth.c:589 -msgid "Kerberos 4 authentication failed\n" -msgstr "áÕÔÅÎÔÉÆÉËÁÃÉÑ Kerberos 4 ÎÅ ÕÄÁÌÁÓØ\n" - -#: fe-auth.c:595 -msgid "Kerberos 4 authentication not supported\n" -msgstr "áÕÔÅÎÔÉÆÉËÁÃÉÑ Kerberos 4 ÎÅ ÐÏÄÄÅÒÖÉ×ÁÅÔÓÑ\n" #: fe-auth.c:606 msgid "Kerberos 5 authentication failed\n" Index: src/interfaces/libpq/po/sv.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/sv.po,v retrieving revision 1.4 diff -u -r1.4 sv.po --- src/interfaces/libpq/po/sv.po 2002/10/14 19:04:28 1.4 +++ src/interfaces/libpq/po/sv.po 2003/05/15 20:26:23 @@ -17,11 +17,6 @@ "Content-Type: text/plain; charset=ISO-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: fe-auth.c:232 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "Kerberos-4-fel: %s\n" - #: fe-auth.c:395 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -40,14 +35,6 @@ #: fe-auth.c:503 msgid "SCM_CRED authentication method not supported\n" msgstr "autentiseringsmetoden SCM_CRED stöds ej\n" - -#: fe-auth.c:589 -msgid "Kerberos 4 authentication failed\n" -msgstr "Kerberos-4-autentisering misslyckades\n" - -#: fe-auth.c:595 -msgid "Kerberos 4 authentication not supported\n" -msgstr "Kerberos-4-autentisering stöds ej\n" #: fe-auth.c:606 msgid "Kerberos 5 authentication failed\n" Index: src/interfaces/libpq/po/zh_CN.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/zh_CN.po,v retrieving revision 1.2 diff -u -r1.2 zh_CN.po --- src/interfaces/libpq/po/zh_CN.po 2002/10/14 19:04:28 1.2 +++ src/interfaces/libpq/po/zh_CN.po 2003/05/15 20:26:24 @@ -14,12 +14,6 @@ "Content-Type: text/plain; charset=GB2312\n" "Content-Transfer-Encoding: 8bit\n" -# fe-auth.c:232 -#: fe-auth.c:232 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "Kerberos 4 ´íÎó: %s\n" - # fe-auth.c:395 #: fe-auth.c:395 #, c-format @@ -42,16 +36,6 @@ #: fe-auth.c:503 msgid "SCM_CRED authentication method not supported\n" msgstr "²»Ö§³Ö SCM_CRED ÈÏÖ¤·½Ê½\n" - -# fe-auth.c:589 -#: fe-auth.c:589 -msgid "Kerberos 4 authentication failed\n" -msgstr "Kerberos 4 ÈÏ֤ʧ°Ü\n" - -# fe-auth.c:595 -#: fe-auth.c:595 -msgid "Kerberos 4 authentication not supported\n" -msgstr "²»Ö§³Ö Kerberos 4 ÈÏÖ¤\n" # fe-auth.c:606 #: fe-auth.c:606 Index: src/interfaces/libpq/po/zh_TW.po =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/po/zh_TW.po,v retrieving revision 1.1 diff -u -r1.1 zh_TW.po --- src/interfaces/libpq/po/zh_TW.po 2002/08/21 20:42:27 1.1 +++ src/interfaces/libpq/po/zh_TW.po 2003/05/15 20:26:24 @@ -13,11 +13,6 @@ "Content-Type: text/plain; charset=Big5\n" "Content-Transfer-Encoding: 8bit\n" -#: fe-auth.c:228 -#, c-format -msgid "Kerberos 4 error: %s\n" -msgstr "Kerberos 4 ¿ù»~: %s\n" - #: fe-auth.c:391 #, c-format msgid "could not set socket to blocking mode: %s\n" @@ -36,14 +31,6 @@ #: fe-auth.c:490 msgid "SCM_CRED authentication method not supported\n" msgstr "¤£¤ä´© SCM_CRED »{ÃҤ覡\n" - -#: fe-auth.c:576 -msgid "Kerberos 4 authentication failed\n" -msgstr "Kerberos 4 »{ÃÒ¥¢±Ñ\n" - -#: fe-auth.c:582 -msgid "Kerberos 4 authentication not supported\n" -msgstr "¤£¤ä´© Kerberos 4 »{ÃҤ覡\n" #: fe-auth.c:593 msgid "Kerberos 5 authentication failed\n"