Greetings,
* Stephen Frost (sfrost@snowman.net) wrote:
> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
> > Stephen Frost <sfrost@snowman.net> writes:
> > > * Tom Lane (tgl@sss.pgh.pa.us) wrote:
> > >> It's whatever Apple is shipping, or was shipping last year or so.
> >
> > > Sadly they've not been maintaining the Kerberos libraries at all on
> > > their systems.
> >
> > Indeed :-(. I wouldn't be surprised if there are security issues in
> > their version. Perhaps what we really ought to do is refuse to build
> > with their version --- but if so, we need some clearer error message
> > about it.
>
> The attached should (I believe?) at least add the needed check for
> gssapi_ext.h which will cause builds to fail and complain about the
> header being missing from their installation.
>
> I'm certainly open to ideas about how to provide a better error message,
> particularly on OSX systems which have an ancient version, to make it
> clear that people need to install an updated version. I don't have an
> OSX system at hand though.
>
> Should I push this to at least address the header check ... ?
Looks like buildfarm animal hake, at least, has a version recent enough
to have gssapi_ext.h ... but still older than 1.11 and therefore
doesn't have the type gss_key_value_element_desc defined, so maybe the
check for gss_store_cred_into would be better?
Certainly interesting how many old kerberos library installations there
are, even in our buildfarm..
Thanks!
Stephen
