fi
+done
+
+ for ac_header in gssapi/gssapi_ext.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_ext.h" "ac_cv_header_gssapi_gssapi_ext_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_gssapi_ext_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_GSSAPI_EXT_H 1
+_ACEOF
+
+else
+ for ac_header in gssapi_ext.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "gssapi_ext.h" "ac_cv_header_gssapi_ext_h" "$ac_includes_default"
+if test "x$ac_cv_header_gssapi_ext_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GSSAPI_EXT_H 1
+_ACEOF
+
+else
+ as_fn_error $? "gssapi_ext.h header file is required for GSSAPI" "$LINENO" 5
+fi
+
+done
+
+fi
+
done
fi
if test "$with_gssapi" = yes ; then
AC_CHECK_HEADERS(gssapi/gssapi.h, [],
[AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])])
+ AC_CHECK_HEADERS(gssapi/gssapi_ext.h, [],
+ [AC_CHECK_HEADERS(gssapi_ext.h, [], [AC_MSG_ERROR([gssapi_ext.h header file is required for GSSAPI])])])
fi
PGAC_PATH_PROGS(OPENSSL, openssl)
The keytab file is generated using the Kerberos software; see the
Kerberos documentation for details. The following example shows
doing this using the <application>kadmin</application> tool of
- MIT-compatible Kerberos 5 implementations:
+ MIT Kerberos:
<screen>
<prompt>kadmin% </prompt><userinput>addprinc -randkey postgres/server.my.domain.org</userinput>
<prompt>kadmin% </prompt><userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</userinput>
<listitem>
<para>
- You need <application>Kerberos</application>, <productname>OpenLDAP</productname>,
- and/or <application>PAM</application>, if you want to support authentication
- using those services.
+ You need <application>MIT Kerberos</application> (for GSSAPI),
+ <productname>OpenLDAP</productname>, and/or <application>PAM</application>,
+ if you want to support authentication using those services.
</para>
</listitem>
<term><option>--with-gssapi</option></term>
<listitem>
<para>
- Build with support for GSSAPI authentication. On many systems, the
- GSSAPI system (usually a part of the Kerberos installation) is not
- installed in a location
+ Build with support for GSSAPI authentication. MIT Kerberos is required
+ to be installed for GSSAPI. On many systems, the GSSAPI system (a part
+ of the MIT Kerberos installation) is not installed in a location
that is searched by default (e.g., <filename>/usr/include</filename>,
<filename>/usr/lib</filename>), so you must use the options
<option>--with-includes</option> and <option>--with-libraries</option> in
<term><option>-Dgssapi={ auto | enabled | disabled }</option></term>
<listitem>
<para>
- Build with support for GSSAPI authentication. On many systems, the
- GSSAPI system (usually a part of the Kerberos installation) is not
- installed in a location that is searched by default (e.g.,
- <filename>/usr/include</filename>, <filename>/usr/lib</filename>). In
+ Build with support for GSSAPI authentication. MIT Kerberos is required
+ to be installed for GSSAPI. On many systems, the GSSAPI system (a part
+ of the MIT Kerberos installation) is not installed in a location
+ that is searched by default (e.g., <filename>/usr/include</filename>,
+ <filename>/usr/lib</filename>). In
those cases, PostgreSQL will query <command>pkg-config</command> to
detect the required compiler and linker options. Defaults to auto.
<filename>meson configure</filename> will check for the required
have_gssapi = false
endif
+ if not have_gssapi
+ elif cc.check_header('gssapi/gssapi_ext.h', dependencies: gssapi, required: false,
+ args: test_c_args, include_directories: postgres_inc)
+ cdata.set('HAVE_GSSAPI_GSSAPI_EXT_H', 1)
+ elif cc.check_header('gssapi_ext.h', args: test_c_args, dependencies: gssapi, required: gssapiopt)
+ cdata.set('HAVE_GSSAPI_EXT_H', 1)
+ else
+ have_gssapi = false
+ endif
+
if not have_gssapi
elif cc.has_function('gss_init_sec_context', dependencies: gssapi,
args: test_c_args, include_directories: postgres_inc)
gss_cred_id_t delegated_creds;
/*
- * Use the configured keytab, if there is one. Unfortunately, Heimdal
- * doesn't support the cred store extensions, so use the env var.
+ * Use the configured keytab, if there is one. As we now require MIT
+ * Kerberos, we might consider using the credential store extensions in
+ * the future instead of the environment variable.
*/
if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0')
{
PqGSSRecvLength = PqGSSResultLength = PqGSSResultNext = 0;
/*
- * Use the configured keytab, if there is one. Unfortunately, Heimdal
- * doesn't support the cred store extensions, so use the env var.
+ * Use the configured keytab, if there is one. As we now require MIT
+ * Kerberos, we might consider using the credential store extensions in the
+ * future instead of the environment variable.
*/
if (pg_krb_server_keyfile != NULL && pg_krb_server_keyfile[0] != '\0')
{
projects / postgresql-pgindent.git / commitdiff