Thread: GSSAPI patch
I have applied the latest version of the GSSAPI patch with only minor further fixes. I'm still working on the documentation part and will make a separate commit with that as soon as I can. I'd appreciate it if people can run tests with this on some other platforms (I've only tested on Ubuntu linux and Win32). Specifically, I'm certain that the autoconf stuff will need to be expanded a bit in order to work for them all. /Magnus
Magnus Hagander <magnus@hagander.net> writes:
> I'd appreciate it if people can run tests with this on some other platforms
> (I've only tested on Ubuntu linux and Win32). Specifically, I'm certain
> that the autoconf stuff will need to be expanded a bit in order to work for
> them all.
What sort of tests have you got in mind?
regards, tom lane
On Tue, Jul 10, 2007 at 10:43:22AM -0400, Tom Lane wrote: > Magnus Hagander <magnus@hagander.net> writes: > > I'd appreciate it if people can run tests with this on some other platforms > > (I've only tested on Ubuntu linux and Win32). Specifically, I'm certain > > that the autoconf stuff will need to be expanded a bit in order to work for > > them all. > > What sort of tests have you got in mind? The one I'm most looking for is simply being able to build with GSSAPI enabled. I don't foresee any problems between implementations (there could be of course, but the standard defines the protocol), but I'm sure headers and libraries could be in different places and have different names. Actually testing the authentication itself is of course a bonus :-) I've only tested it against Active Directory, but IIRC Henry has used a Unix based Kerberos server. But more testing is always good. //Magnus
Magnus Hagander wrote: > On Tue, Jul 10, 2007 at 10:43:22AM -0400, Tom Lane wrote: >> Magnus Hagander <magnus@hagander.net> writes: >>> I'd appreciate it if people can run tests with this on some other platforms >>> (I've only tested on Ubuntu linux and Win32). Specifically, I'm certain >>> that the autoconf stuff will need to be expanded a bit in order to work for >>> them all. >> What sort of tests have you got in mind? > > The one I'm most looking for is simply being able to build with GSSAPI > enabled. I don't foresee any problems between implementations (there could > be of course, but the standard defines the protocol), but I'm sure headers > and libraries could be in different places and have different names. this sounds more like a headsup to the buildfarm owners to add that flag to their configuration ? Stefan
Stefan Kaltenbrunner wrote: > Magnus Hagander wrote: >> On Tue, Jul 10, 2007 at 10:43:22AM -0400, Tom Lane wrote: >>> Magnus Hagander <magnus@hagander.net> writes: >>>> I'd appreciate it if people can run tests with this on some other platforms >>>> (I've only tested on Ubuntu linux and Win32). Specifically, I'm certain >>>> that the autoconf stuff will need to be expanded a bit in order to work for >>>> them all. >>> What sort of tests have you got in mind? >> The one I'm most looking for is simply being able to build with GSSAPI >> enabled. I don't foresee any problems between implementations (there could >> be of course, but the standard defines the protocol), but I'm sure headers >> and libraries could be in different places and have different names. > > this sounds more like a headsup to the buildfarm owners to add that flag > to their configuration ? Yes, but I'd like to see it tested on a couple of more platforms before that :-) But hey, please go ahead... //Magnus
On Jul 10, 2007, at 7:49 AM, Magnus Hagander wrote:
> On Tue, Jul 10, 2007 at 10:43:22AM -0400, Tom Lane wrote:
>> Magnus Hagander <magnus@hagander.net> writes:
>>> I'd appreciate it if people can run tests with this on some other
>>> platforms
>>> (I've only tested on Ubuntu linux and Win32). Specifically, I'm
>>> certain
>>> that the autoconf stuff will need to be expanded a bit in order
>>> to work for
>>> them all.
>>
>> What sort of tests have you got in mind?
>
> The one I'm most looking for is simply being able to build with GSSAPI
> enabled. I don't foresee any problems between implementations
> (there could
> be of course, but the standard defines the protocol), but I'm sure
> headers
> and libraries could be in different places and have different names.
>
> Actually testing the authentication itself is of course a bonus :-)
> I've only tested it against Active Directory, but IIRC Henry has
> used a
> Unix based Kerberos server. But more testing is always good.
>
> //Magnus
Yes, I was using a Heimdal Kerberos server and Solaris 9 or MIT
GSSAPI client libraries. ("Client" means Kerberos client so it's
both client and server for Postgres.)
I just DL'ed the "2007-07-10 08:16:17" snapshot and I don't see any
reference to "gss" or "GSS" in configure.in. Should I wait for
tomorrow's snapshot tarball?
------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
"Henry B. Hotz" <hbhotz@oxy.edu> writes: > I just DL'ed the "2007-07-10 08:16:17" snapshot and I don't see any > reference to "gss" or "GSS" in configure.in. Should I wait for > tomorrow's snapshot tarball? Either that or pull from the CVS server, cf http://developer.postgresql.org/pgdocs/postgres/cvs.html The snapshots are only made once a day, but the anoncvs server updates every hour. regards, tom lane