Yes, that'd be in the GSSENC code, which I hadn't been expecting to be
used under Windows.
Here's a patch to make it build successfully (against head). I believe the changes to Solution.pm should be back patched all the way, and the rest to 12.
Testing however, has been more problematic - I suspect at least partly because of my Kerberos newbie-ness. I have a test server in an Ubuntu VM, which I've used quite successfully to authenticate against another VM running PG 12 on Ubuntu, from both Ubuntu and Windows clients. Using that, but with a Windows client running MIT Kerberos I find that getting a ticket takes a good 30 seconds or so. Postgres also seems to get it's ticket successfully via the keytab file:
C:\pg>"c:\Program Files\MIT\Kerberos\bin\klist.exe"
Ticket cache: API:Initial default ccache
Default principal:
dpage@PGADMIN.ORGValid starting Expires Service principal
09/02/20 15:06:49 09/03/20 01:06:49 krbtgt/
PGADMIN.ORG@PGADMIN.ORG renew until 09/03/20 15:06:31
09/02/20 15:07:06 09/03/20 01:06:49 postgres/win-ilt1arj8a9c@
renew until 09/03/20 15:06:31
09/02/20 15:07:06 09/03/20 01:06:49 postgres/
win-ilt1arj8a9c@PGADMIN.ORG renew until 09/03/20 15:06:31
However, If I try to login using host + gss in the pg_hba.conf file, I then get:
C:\pg>bin\psql postgres
psql: error: could not connect to server: SSPI continuation error: No credentials are available in the security package
(8009030e)
If I try to use hostgssenc + gss, it looks like it's not even trying to encrypt:
C:\pg>bin\psql postgres
psql: error: could not connect to server: FATAL: no pg_hba.conf entry for host "::1", user "dpage", database "postgres", SSL off
Any ideas?
