Hi, I enabled GSSAPI on Windows CI by using dependencies from Dave Page's winpgbuild repository [1]. The problem is that Kerberos compilation does not generate the 'krb5-config' executable on Windows but we expect it while setting up KDC. Because of that, 'kerberos/001_auth' and 'libpq/005_negotiate_encryption' tests fail with 'Command 'krb5-config' not found in ...' error although GSSAPI is enabled.
Then I tried skipping these tests' Kerberos related parts like in the attached but 'libpq/005_negotiate_encryption' test still failed with [2]. I found this thread [3] (CC'ing Thomas) but I still do not understand the problem. Any thoughts? Example CI runs: Windows + GSSAPI: https://cirrus-ci.com/task/6111500131106816 Windows + GSSAPI + Patch: https://cirrus-ci.com/task/6564690651774976 [1] https://github.com/dpage/winpgbuild [3] https://postgr.es/m/CA%2BhUKGJ0tdtTiB3bHEU8C%3D5pyzc5zvDqA8dJ5q%2BThSimW8QKNw%40mail.gmail.com [2]: ------------------------------------- 8< ------------------------------------- stderr: # Failed test ' 'user=testuser gssencmode=prefer sslmode=disable sslnegotiation=postgres' -> connect, authok -> plain' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept, reconnect, authok -> plain' # expected: 'connect, authok -> plain' # # Failed test ' 'user=testuser gssencmode=prefer sslmode=allow sslnegotiation=postgres' -> connect, authok -> plain' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept, reconnect, authok -> plain' # expected: 'connect, authok -> plain' # # Failed test ' 'user=testuser gssencmode=prefer sslmode=prefer sslnegotiation=postgres' -> connect, sslreject, authok -> plain' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept, reconnect, sslreject, authok -> plain' # expected: 'connect, sslreject, authok -> plain' # # Failed test ' 'user=testuser gssencmode=prefer sslmode=require sslnegotiation=postgres' -> connect, sslreject -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept, reconnect, sslreject -> fail' # expected: 'connect, sslreject -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # connection to server at "127.0.0.1", port 14350 failed: server does not support SSL, but SSL was required # Failed test ' 'user=testuser gssencmode=prefer sslmode=require sslnegotiation=direct' -> connect, directsslreject -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept, reconnect, directsslreject -> fail' # expected: 'connect, directsslreject -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # connection to server at "127.0.0.1", port 14350 failed: server closed the connection unexpectedly # This probably means the server terminated abnormally # before or while processing the request. # SSL SYSCALL error: Connection reset by peer (0x00002746/10054) # Failed test ' 'user=testuser gssencmode=require sslmode=disable sslnegotiation=postgres' -> - -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept -> fail' # expected: '- -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # Failed test ' 'user=testuser gssencmode=require sslmode=allow sslnegotiation=postgres' -> - -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept -> fail' # expected: '- -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # Failed test ' 'user=testuser gssencmode=require sslmode=prefer sslnegotiation=postgres' -> - -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept -> fail' # expected: '- -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # Failed test ' 'user=testuser gssencmode=require sslmode=require sslnegotiation=postgres' -> - -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept -> fail' # expected: '- -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # Failed test ' 'user=testuser gssencmode=require sslmode=require sslnegotiation=direct' -> - -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282. # got: 'connect, gssaccept -> fail' # expected: '- -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: could not initiate GSSAPI security context: No credentials were supplied, or the credentials were unavailable or inaccessible: Credential cache is empty # Failed test ' 'user=testuser sslmode=prefer' -> connect, backenderror -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 333. # got: 'connect, backenderror, reconnect, backenderror -> fail' # expected: 'connect, backenderror -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: server sent an error response during GSS encryption exchange # connection to server at "127.0.0.1", port 14350 failed: server sent an error response during SSL exchange # Failed test ' 'user=testuser sslmode=prefer' -> connect, v2error -> fail' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 343. # got: 'connect, v2error, reconnect, v2error -> fail' # expected: 'connect, v2error -> fail' # psql: error: connection to server at "127.0.0.1", port 14350 failed: server sent an error response during GSS encryption exchange # connection to server at "127.0.0.1", port 14350 failed: server sent an error response during SSL exchange # Failed test ' 'user=testuser sslmode=prefer' -> connect, sslaccept, backenderror, reconnect, authok -> plain' # at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 353. # got: 'connect, gssaccept, reconnect, sslaccept, backenderror, reconnect, authok -> plain' # expected: 'connect, sslaccept, backenderror, reconnect, authok -> plain' # # Looks like you failed 13 tests of 55. -- Regards, Nazir Bilal Yavuz Microsoft
From 130f0286765d6eb5fcd931f98f5c2b690381ca20 Mon Sep 17 00:00:00 2001 From: Nazir Bilal Yavuz <[email protected]> Date: Tue, 16 Dec 2025 15:07:14 +0300 Subject: [PATCH] Skip Kerberos tests on Windows platforms Kerberos/GSSAPI tests are not supported on Windows, so add explicit checks to skip these tests on Windows in both 005_negotiate_encryption.pl and 001_auth.pl test scripts. --- src/interfaces/libpq/t/005_negotiate_encryption.pl | 7 +++++-- src/test/kerberos/t/001_auth.pl | 6 ++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/interfaces/libpq/t/005_negotiate_encryption.pl b/src/interfaces/libpq/t/005_negotiate_encryption.pl index ac6d8bcb4a6..5891e95e75f 100644 --- a/src/interfaces/libpq/t/005_negotiate_encryption.pl +++ b/src/interfaces/libpq/t/005_negotiate_encryption.pl @@ -84,10 +84,13 @@ if (!$ENV{PG_TEST_EXTRA} || $ENV{PG_TEST_EXTRA} !~ /\blibpq_encryption\b/) } # Only run the GSSAPI tests when compiled with GSSAPI support and -# PG_TEST_EXTRA includes 'kerberos' +# PG_TEST_EXTRA includes 'kerberos'. 'kerberos' tests are not supported on +# Windows, so skip them. my $gss_supported = $ENV{with_gssapi} eq 'yes'; my $kerberos_enabled = - $ENV{PG_TEST_EXTRA} && $ENV{PG_TEST_EXTRA} =~ /\bkerberos\b/; + !$windows_os + && $ENV{PG_TEST_EXTRA} + && $ENV{PG_TEST_EXTRA} =~ /\bkerberos\b/; my $ssl_supported = $ENV{with_ssl} eq 'openssl'; ### diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl index b0be96f2beb..9eea03f28cc 100644 --- a/src/test/kerberos/t/001_auth.pl +++ b/src/test/kerberos/t/001_auth.pl @@ -29,6 +29,12 @@ if ($ENV{with_gssapi} ne 'yes') { plan skip_all => 'GSSAPI/Kerberos not supported by this build'; } +elsif ($ENV{PG_TEST_EXTRA} + && $ENV{PG_TEST_EXTRA} =~ /\bkerberos\b/ + && $windows_os) +{ + plan skip_all => 'GSSAPI/Kerberos tests are not supported on Windows'; +} elsif (!$ENV{PG_TEST_EXTRA} || $ENV{PG_TEST_EXTRA} !~ /\bkerberos\b/) { plan skip_all => -- 2.51.0
