[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


I am trying to get postgres 7.1.3 to use heimdal rather than vanilla MIT krb5,
but after fixing a few minor things I have come across a bit of a stumble.

In a server side file it says:

 * The "client" structure comes out of the ticket and is therefore
 * authenticated.  Use it to check the username obtained from the
 * postmaster startup packet.
 * I have no idea why this is considered necessary.

static int
pg_krb5_recvauth(Port *port)
  krb5_error_code retval;
  int ret;
  krb5_auth_context auth_context = NULL;
  krb5_ticket *ticket;
  char *kusername;

  retval = krb5_unparse_name(pg_krb5_context, ticket->enc_part2->client,

but krb5.h says:

typedef struct krb5_ticket {
  EncTicketPart ticket;
  krb5_principal client;
  krb5_principal server;
} krb5_ticket;

I don't have any vanilla MIT krb5 so I cannot compare the ticket formats...  
unparse_name wants a principal, so I have tried giving it both client and
server, which, not surprisingly, did not work (Unknown error with a tremendous
error number).

Any hints?