Re: SSPI client authentication in non-Windows builds

On Sun, Jan 23, 2011 at 16:02, Christian Ullrich <chris(at)chrullrich(dot)net> wrote:
> * Christian Ullrich wrote:
>
>> Magnus Hagander wrote:
>
>>> On Mon, Jan 3, 2011 at 14:11, Christian Ullrich<chris(at)chrullrich(dot)net>
>>> wrote:
>
>>>> This change has been tested and works correctly on FreeBSD 8.1, using
>>>> the Kerberos and GSSAPI libraries from Heimdal 1.4. The server is
>>>> running PostgreSQL 9.0.2 on Windows 2008.
>
>>> Does this require some certain minimum version of the kerberos
>>> libraries? Do you know if it works with just Heimdal or both Heimdal
>>> and MIT?
>
>> it works with anything but the configuration I mentioned. I will do some
>> more testing this week, but I'm limited in the number of combinations I
>> can try; some randomly chosen Linux distributions with whatever Kerberos
>> they ship and the Heimdal from the FreeBSD 8 base system instead of the
>> port (if I can get PostgreSQL to build with that) against Windows 2003
>> and 2008 is probably going to be all I can offer. Expect a report early
>> next week.
>
> This is what I tested this week. If there are any additional questions,
> please let me know.

Thanks, this is exactly the kind of testing I was hoping for - or
rather, it's a lot more extensive than I was hoping for :)

However, i think the code path down around the error message is simply
incorrect. That #ifdef spaghetti is pretty hard to parse, but it gives
the wrong error message (we should say it's sspi that's not available
when we have none of the two options) and/or a "duplicate case label"
error, in some combinations of sspi/gssapi existing/notexisting.

Attached is an updated version of the patch that passes compiling on
all my systems in different combinations, including msvc. Can you
verify that it still works in your env? (you don't have to retest all
those platforms!)

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/