Re: Deprecations in authentication

Поиск
Список
Период
Сортировка
От Magnus Hagander
Тема Re: Deprecations in authentication
Дата
Msg-id CABUevEySzCWi2T6WdVQuQ1AG6NWfLwf6CYUTdY5A04EKg+kpsQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Deprecations in authentication  (Magnus Hagander <magnus@hagander.net>)
Ответы Re: Deprecations in authentication  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
Дерево обсуждения
On Sun, Jan 12, 2014 at 4:35 PM, Magnus Hagander <magnus@hagander.net> wrote:
On Sat, Jan 11, 2014 at 9:45 PM, Peter Eisentraut <peter_e@gmx.net> wrote:
On Thu, 2013-10-24 at 20:37 +0200, Magnus Hagander wrote:
> On Thu, Oct 24, 2013 at 8:35 PM, Peter Eisentraut <peter_e@gmx.net>
> wrote:
> > On 10/18/12, 7:20 AM, Magnus Hagander wrote:
> >> 1. krb5 authentication. We've had gssapi since 8.3 (which means in
> all
> >> supported versions). krb5 has been deprecated, also since 8.3. Time
> to
> >> remove it?
> >
> > OS X Mavericks has now marked just about everything in krb5.h as
> > deprecated, leading to compiler warnings.  Which reminded me of this
> > thread.  Maybe it's time.
>
> Yeah, it's still sitting on my TODO to get done for 9.4. I guess
> that's another reason...

Are you still planning to do this?


I am. So I really need to pick up the ball on that :S


Here's a patch that removes the deprecated krb5 authentication, and leaves just GSSAPI.

I haven't actually tested GSSAPI *working* after this as my krb env is broken, but it does compile. And I don't see why the workings should be affected. But if somebody with a working GSSAPI environment could test it, that would be much appreciated (I'll get mine fixed of course, but right now I'd like to get it on the buildfarm sooner rather than later to pick up build issues).

The large changes to the docs is sections moved with copy/paste from the old kerberos section to the gssapi section - I didn't rewrite that much docs :)

One thing I noticed - in MSVC, the config parameter "krb5" (equivalent of the removed --with-krb5) enabled *both* krb5 and gssapi, and there is no separate config parameter for gssapi. Do we want to rename that one to "gss", or do we want to keep it as "krb5"? Renaming it would break otherwise working environments, but it's kind of weird to leave it... There's already a "GetFakeConfigure" function there that does the wrong thing.

I think we should rename it, but I wanted to raise the issue for discussion.


--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/
Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Andres Freund
Дата:
Сообщение: Re: Soften pg_[start|stop]_backup to allow them on a standby?
Следующее
От: Andrew Dunstan
Дата:
Сообщение: Re: nested hstore patch - FailedAssertion("!(value->array.nelems == 1)