> > > > auth.c: In function `pg_krb5_recvauth':
> > > > auth.c:294: structure has no member named `user'
> > >
> > > Ooops, my fault --- I didn't build with Kerberos support after
> > > changing those field names.
> > >
> > > Now that I think about it, there might be similar omissions in the
> > > PAM or Kerberos4 support --- can anyone try those?
> >
> > krb4 code should be removed from PostgreSQL ASAP for various
> > insecurities in the protocol. It's been removed from FreeBSD, MIT,
> > and Heimdal's code base and is officially unsupported as of June this
> > year. -sc
>
> I have added the following to our documentation in the Kerberos section:
>
> <para>
> While <productname>PostgreSQL</> supports both Kerberos 4 and
> Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is
> considered insecure and no longer recommended for general
> use.
> </para>
iirc, we were going to depreciate kerberos 4 in the 7.4 release notes
and remove support for it for 7.5, giving users one full release cycle
to move to krb5.
There any plans to include the appropriate verbiage to allow for krb4's
future deorbit?
-sc
--
Sean Chittenden
