Re: Deprecations in authentication

On Sun, Jan 12, 2014 at 4:35 PM, Magnus Hagander <magnus(at)hagander(dot)net>wrote:

> On Sat, Jan 11, 2014 at 9:45 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>
>> On Thu, 2013-10-24 at 20:37 +0200, Magnus Hagander wrote:
>> > On Thu, Oct 24, 2013 at 8:35 PM, Peter Eisentraut <peter_e(at)gmx(dot)net>
>> > wrote:
>> > > On 10/18/12, 7:20 AM, Magnus Hagander wrote:
>> > >> 1. krb5 authentication. We've had gssapi since 8.3 (which means in
>> > all
>> > >> supported versions). krb5 has been deprecated, also since 8.3. Time
>> > to
>> > >> remove it?
>> > >
>> > > OS X Mavericks has now marked just about everything in krb5.h as
>> > > deprecated, leading to compiler warnings. Which reminded me of this
>> > > thread. Maybe it's time.
>> >
>> > Yeah, it's still sitting on my TODO to get done for 9.4. I guess
>> > that's another reason...
>>
>> Are you still planning to do this?
>>
>>
> I am. So I really need to pick up the ball on that :S
>
>
Here's a patch that removes the deprecated krb5 authentication, and leaves
just GSSAPI.

I haven't actually tested GSSAPI *working* after this as my krb env is
broken, but it does compile. And I don't see why the workings should be
affected. But if somebody with a working GSSAPI environment could test it,
that would be much appreciated (I'll get mine fixed of course, but right
now I'd like to get it on the buildfarm sooner rather than later to pick up
build issues).

The large changes to the docs is sections moved with copy/paste from the
old kerberos section to the gssapi section - I didn't rewrite that much
docs :)

One thing I noticed - in MSVC, the config parameter "krb5" (equivalent of
the removed --with-krb5) enabled *both* krb5 and gssapi, and there is no
separate config parameter for gssapi. Do we want to rename that one to
"gss", or do we want to keep it as "krb5"? Renaming it would break
otherwise working environments, but it's kind of weird to leave it...
There's already a "GetFakeConfigure" function there that does the wrong
thing.

I think we should rename it, but I wanted to raise the issue for discussion.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/