Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > I'm guessing it's not really an issue but it does make changing
> > configure a bit annoying on my Ubuntu 22.04, when I run autoconf2.69, I
> > end up with this additional hunk as changed from what our configure
> > cur
Stephen Frost writes:
> I'm guessing it's not really an issue but it does make changing
> configure a bit annoying on my Ubuntu 22.04, when I run autoconf2.69, I
> end up with this additional hunk as changed from what our configure
> currently has.
Not surprising. Thanks to autoconf's long relea
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > Stephen Frost writes:
> > > Done that way.
> >
> > Looks like you neglected to update the configure script proper?
>
> Pah, indeed. Will fix. Sorry about that.
Fixed.
I'm guessing it's not re
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Done that way.
>
> Looks like you neglected to update the configure script proper?
Pah, indeed. Will fix. Sorry about that.
Thanks,
Stephen
signature.asc
Description: PGP signature
Stephen Frost writes:
> Done that way.
Looks like you neglected to update the configure script proper?
regards, tom lane
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > How about the attached which just switches from testing for
> > gss_init_sec_context to testing for gss_store_cred_into?
>
> WFM.
Done that way.
Thanks!
Stephen
signature.asc
Description: PGP signature
Stephen Frost writes:
> How about the attached which just switches from testing for
> gss_init_sec_context to testing for gss_store_cred_into?
WFM.
regards, tom lane
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Pushed, thanks again to everyone.
> > I'll monitor the buildfarm and assuming there isn't anything unexpected
> > then I'll mark the open item as resolved now.
>
> The Debian 7 (Wheezy) members of the buildfarm (lapwin
Stephen Frost writes:
> Pushed, thanks again to everyone.
> I'll monitor the buildfarm and assuming there isn't anything unexpected
> then I'll mark the open item as resolved now.
The Debian 7 (Wheezy) members of the buildfarm (lapwing, skate, snapper)
are all getting past the gssapi_ext.h check
Greetings,
* Jonathan S. Katz (jk...@postgresql.org) wrote:
> On 4/12/23 12:22 PM, Stephen Frost wrote:
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > > Stephen Frost writes:
> > > > Updated patch set attached.
> > >
> > > LGTM
> >
> > Great, thanks.
> >
> > I cleaned up the commit messages a
On 4/12/23 12:22 PM, Stephen Frost wrote:
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
Stephen Frost writes:
Updated patch set attached.
LGTM
Great, thanks.
I cleaned up the commit messages a bit more and added links to the
discussion. If there isn't anything more then I'll plan to
> On 12 Apr 2023, at 16:55, Stephen Frost wrote:
>
> Greetings,
>
> * Daniel Gustafsson (dan...@yesql.se) wrote:
>>> On 12 Apr 2023, at 16:33, Stephen Frost wrote:
>>> Sure, reworked that way and attached.
>>
>> While not changed in this hunk, does the comment regarding Heimdal still
>> apply
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Updated patch set attached.
>
> LGTM
Great, thanks.
I cleaned up the commit messages a bit more and added links to the
discussion. If there isn't anything more then I'll plan to push these
later today or tomorrow.
Stephen Frost writes:
> Updated patch set attached.
LGTM
regards, tom lane
Greetings,
* Daniel Gustafsson (dan...@yesql.se) wrote:
> > On 12 Apr 2023, at 16:33, Stephen Frost wrote:
> > Sure, reworked that way and attached.
>
> While not changed in this hunk, does the comment regarding Heimdal still
> apply?
>
> @@ -918,6 +919,7 @@ pg_GSS_recvauth(Port *port)
>
On 4/12/23 10:47 AM, Stephen Frost wrote:
Greetings,
* Jonathan S. Katz (jk...@postgresql.org) wrote:
On 4/12/23 10:33 AM, Stephen Frost wrote:
* Tom Lane (t...@sss.pgh.pa.us) wrote:
Stephen Frost writes:
Understood. Please find attached the updated patch with changes to the
commit message
Greetings,
* Jonathan S. Katz (jk...@postgresql.org) wrote:
> On 4/12/23 10:33 AM, Stephen Frost wrote:
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > > Stephen Frost writes:
> > > > Understood. Please find attached the updated patch with changes to the
> > > > commit message to indicate that we
> On 12 Apr 2023, at 16:33, Stephen Frost wrote:
> Sure, reworked that way and attached.
While not changed in this hunk, does the comment regarding Heimdal still apply?
@@ -918,6 +919,7 @@ pg_GSS_recvauth(Port *port)
int mtype;
StringInfoData buf;
gss
On 4/12/23 10:33 AM, Stephen Frost wrote:
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
Stephen Frost writes:
Understood. Please find attached the updated patch with changes to the
commit message to indicate that we now require MIT Kerberos, an
additional explicit check for gssapi_ext.h
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Understood. Please find attached the updated patch with changes to the
> > commit message to indicate that we now require MIT Kerberos, an
> > additional explicit check for gssapi_ext.h in configure.ac/configure,
> > a
Stephen Frost writes:
> Understood. Please find attached the updated patch with changes to the
> commit message to indicate that we now require MIT Kerberos, an
> additional explicit check for gssapi_ext.h in configure.ac/configure,
> along with updated documentation explicitly saying we require
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> Greetings,
>
> * Justin Pryzby (pry...@telsasoft.com) wrote:
> > > configure | 27 ++
> > > configure.ac | 2 +
> >
> > Does meson.build need the corresponding change
Greetings,
* Justin Pryzby (pry...@telsasoft.com) wrote:
> > configure | 27 ++
> > configure.ac | 2 +
>
> Does meson.build need the corresponding change ?
Ah, yes, presumably.
Something like the attached?
Thanks,
Stephe
> configure | 27 ++
> configure.ac | 2 +
Does meson.build need the corresponding change ?
Greetings,
* Jonathan S. Katz (jk...@postgresql.org) wrote:
> On 4/10/23 11:37 AM, Tom Lane wrote:
> > Stephen Frost writes:
> > > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > > > IOW, maybe it'd be okay to de-revert 3d4fa227b and add documentation
> > > > saying that --with-gssapi requires MIT Ker
On Tue, Apr 11, 2023 at 2:53 PM Thomas Munro wrote:
> On Tue, Apr 11, 2023 at 2:31 AM Stephen Frost wrote:
> > Have you tried running the tests in src/test/kerberos with elver? Or is
> > it configured to run them? Would be awesome if it could be, or if
> > there's issues with running the tests
On Tue, Apr 11, 2023 at 2:31 AM Stephen Frost wrote:
> Have you tried running the tests in src/test/kerberos with elver? Or is
> it configured to run them? Would be awesome if it could be, or if
> there's issues with running the tests on FBSD w/ MIT Kerberos, I'd be
> happy to try and help work
On 4/10/23 11:37 AM, Tom Lane wrote:
Stephen Frost writes:
* Tom Lane (t...@sss.pgh.pa.us) wrote:
IOW, maybe it'd be okay to de-revert 3d4fa227b and add documentation
saying that --with-gssapi requires MIT Kerberos not Heimdal.
I'd be happy with that and can add the appropriate documentatio
Stephen Frost writes:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
>> IOW, maybe it'd be okay to de-revert 3d4fa227b and add documentation
>> saying that --with-gssapi requires MIT Kerberos not Heimdal.
> I'd be happy with that and can add the appropriate documentation noting
> that we require MIT Ke
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Yeah, I wouldn't be the least bit surprised if many folks running
> > FreeBSD with any interest in Kerberos have MIT Kerberos installed given
> > that Heimdal doesn't seem to be under any kind of ongoing active
> > deve
Stephen Frost writes:
> Yeah, I wouldn't be the least bit surprised if many folks running
> FreeBSD with any interest in Kerberos have MIT Kerberos installed given
> that Heimdal doesn't seem to be under any kind of ongoing active
> development and is just in this maintenance mode.
Yeah, that's a
Greetings,
* Thomas Munro (thomas.mu...@gmail.com) wrote:
> On Sun, Apr 9, 2023 at 6:40 AM Tom Lane wrote:
> > The exact same thing applies to FreeBSD, except that their in-core
> > Heimdal is ancient (1.5.2). Also, they do have MIT Kerberos
> > available as a package [1]. I'd been misled by th
On Sun, Apr 9, 2023 at 6:40 AM Tom Lane wrote:
> The exact same thing applies to FreeBSD, except that their in-core
> Heimdal is ancient (1.5.2). Also, they do have MIT Kerberos
> available as a package [1]. I'd been misled by the lack of a hit
> on "kerberos", but "krb5" finds it. Our code doe
I wrote:
> * NetBSD's package collection[1] includes both Heimdal and MIT Kerberos
> (mit-krb5). Apparently what's installed on at least some of the buildfarm
> animals is the former.
Oh! New data: the core NetBSD OS includes a copy of Heimdal (looks
to be 7.7.0 in the 10.0_BETA sources). The i
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > I suspected there would be an issue with OSX but hadn't expected an
> > issue with NetBSD. I had tested this across a few Linux platforms and
> > cfbot showed it wasn't causing issues on Windows or the platforms that
>
Stephen Frost writes:
> I suspected there would be an issue with OSX but hadn't expected an
> issue with NetBSD. I had tested this across a few Linux platforms and
> cfbot showed it wasn't causing issues on Windows or the platforms that
> are run there. Would be really great to have a way to tes
Greetings,
* Andres Freund (and...@anarazel.de) wrote:
> On 2023-04-07 22:50:18 -0400, Tom Lane wrote:
> > Or should credential delegation be viewed as an incremental feature that we
> > can support or not?
>
> That seems like the best way forward here.
Yeah, that's certainly doable too, though
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > I'm open to considering support for older versions, however ...
>
> NetBSD 9.3, which is their *latest production release*, doesn't have
> gssapi_ext.h [1]. For that matter, it doesn't look like their
> not-yet-releas
Hi,
On 2023-04-07 22:50:18 -0400, Tom Lane wrote:
> Or should credential delegation be viewed as an incremental feature that we
> can support or not?
That seems like the best way forward here.
Greetings,
Andres Freund
Stephen Frost writes:
> I'm open to considering support for older versions, however ...
NetBSD 9.3, which is their *latest production release*, doesn't have
gssapi_ext.h [1]. For that matter, it doesn't look like their
not-yet-released 10.0BETA does either (my NetBSD 10 animals would
be failing
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Looks like buildfarm animal hake, at least, has a version recent enough
> > to have gssapi_ext.h ... but still older than 1.11 and therefore
> > doesn't have the type gss_key_value_element_desc defined, so maybe the
> >
Stephen Frost writes:
> Looks like buildfarm animal hake, at least, has a version recent enough
> to have gssapi_ext.h ... but still older than 1.11 and therefore
> doesn't have the type gss_key_value_element_desc defined, so maybe the
> check for gss_store_cred_into would be better?
Well, now we
Greetings,
* Stephen Frost (sfr...@snowman.net) wrote:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > Stephen Frost writes:
> > > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > >> It's whatever Apple is shipping, or was shipping last year or so.
> >
> > > Sadly they've not been maintaining the Kerbero
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > * Tom Lane (t...@sss.pgh.pa.us) wrote:
> >> It's whatever Apple is shipping, or was shipping last year or so.
>
> > Sadly they've not been maintaining the Kerberos libraries at all on
> > their systems.
>
> Indeed :-(
Stephen Frost writes:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
>> It's whatever Apple is shipping, or was shipping last year or so.
> Sadly they've not been maintaining the Kerberos libraries at all on
> their systems.
Indeed :-(. I wouldn't be surprised if there are security issues in
their ve
Greetings,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Stephen Frost writes:
> > Looks like longfin has a particularly old Kerberos/GSSAPI installation
> > on it
>
> It's whatever Apple is shipping, or was shipping last year or so.
Sadly they've not been maintaining the Kerberos libraries at all o
Stephen Frost writes:
> Looks like longfin has a particularly old Kerberos/GSSAPI installation
> on it
It's whatever Apple is shipping, or was shipping last year or so.
> I'm inclined to update our configure check to explicitly check for the
> needed function (gss_store_cred_into)
Sounds like a
Greetings,
Looks like longfin has a particularly old Kerberos/GSSAPI installation
on it which pre-dates MIT release 1.11 from circa 2012 and is missing
gssapi_ext.h, causing the recently committed patch to add Kerberos
credential delegation to fail to build.
I'm inclined to update our configure c
48 matches
Mail list logo
