Prior to Solaris 11 (Nevada), the full Kerberos 5 API was never exposed
(only the gss interface), so building PostgreSQL with the "--with-krb5"
option is a problem.
In Nevada, Sun has exposed the full MIT Kerberos 5 API (v1.4.0). So
building PostgreSQL with Kerberos should be possible/easy. If I try to
build 8.1.4 though, it fails with the following error:
$ ./configure --with-krb5 --without-readline
checking build system type... sparc-sun-solaris2.11
checking host system type... sparc-sun-solaris2.11
... snip ...
checking for library containing com_err... -lkrb5
checking for library containing krb5_encrypt... no
configure: error: could not find function 'krb5_encrypt' required for
Kerberos 5
This is because in krb5 v1.4.0, the krb5_encrypt() function is
deprecated/removed, so doesn't exist anywhere in the Solaris libraries.
It is replaced by krb5_c_encrypt() (I think this change occurred
sometime between krb5 v1.2.1 and v1.4.0)
But looking more closely at the PostgreSQL 8.1.4 code, I see that it
never even uses the krb5_encrypt() function anyway! So although it's
presence might be a useful method for detecting the presence of Kerberos
5 (pre v1.4.0), it seems unnecessary for the successful operation of
PostgreSQL.
By simply removing the check for krb5_encrypt() from the configure
script, I can successfully build PostgreSQL with krb5 on Nevada.
Does anyone know why the check for krb5_encrypt() exists in configure
when the code doesn't use it? And would absence of a good reason
indicate this is a bug (and the check should be removed)?
Regards,
Jim
