postgrespro
diff --git a/‎configure
Lines changed: 1 addition & 386 deletions b/‎configure
Lines changed: 1 addition & 386 deletions
diff --git a/‎configure.in
Lines changed: 1 addition & 29 deletions b/‎configure.in
Lines changed: 1 addition & 29 deletions
diff --git a/‎doc/src/sgml/client-auth.sgml
Lines changed: 5 additions & 21 deletions b/‎doc/src/sgml/client-auth.sgml
Lines changed: 5 additions & 21 deletions
diff --git a/‎doc/src/sgml/installation.sgml
Lines changed: 2 additions & 4 deletions b/‎doc/src/sgml/installation.sgml
Lines changed: 2 additions & 4 deletions
diff --git a/‎doc/src/sgml/libpq.sgml
Lines changed: 3 additions & 3 deletions b/‎doc/src/sgml/libpq.sgml
Lines changed: 3 additions & 3 deletions
diff --git a/‎doc/src/sgml/protocol.sgml
Lines changed: 1 addition & 58 deletions b/‎doc/src/sgml/protocol.sgml
Lines changed: 1 addition & 58 deletions
diff --git a/‎src/backend/libpq/auth.c
Lines changed: 4 additions & 96 deletions b/‎src/backend/libpq/auth.c
Lines changed: 4 additions & 96 deletions
@@ -1,5 +1,5 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $PostgreSQL: pgsql/configure.in,v 1.412 2005/06/04 20:42:41 momjian Exp $
+dnl $PostgreSQL: pgsql/configure.in,v 1.413 2005/06/27 02:04:23 neilc Exp $
 dnl
 dnl Developers, please strive to achieve this order:
 dnl
@@ -409,19 +409,6 @@ PGAC_ARG_BOOL(with, python, no, [  --with-python           build Python modules
 AC_MSG_RESULT([$with_python])
 AC_SUBST(with_python)
 
-#
-# Kerberos 4
-#
-AC_MSG_CHECKING([whether to build with Kerberos 4 support])
-PGAC_ARG_BOOL(with, krb4, no, [  --with-krb4             build with Kerberos 4 support],
-[
-  AC_DEFINE(KRB4, 1, [Define to build with Kerberos 4 support. (--with-krb4)])
-  krb_srvtab="/etc/srvtab"
-])
-AC_MSG_RESULT([$with_krb4])
-AC_SUBST(with_krb4)
-
-
 #
 # Kerberos 5
 #
@@ -435,11 +422,6 @@ AC_MSG_RESULT([$with_krb5])
 AC_SUBST(with_krb5)
 
 
-# Using both Kerberos 4 and Kerberos 5 at the same time isn't going to work.
-if test "$with_krb4" = yes && test "$with_krb5" = yes ; then
-  AC_MSG_ERROR([Kerberos 4 and Kerberos 5 support cannot be combined])
-fi
-
 AC_SUBST(krb_srvtab)
 
 
@@ -666,12 +648,6 @@ else
 *** Not using spinlocks will cause poor performance.])
 fi
 
-if test "$with_krb4" = yes ; then
-  AC_CHECK_LIB(des, des_encrypt, [], [AC_MSG_ERROR([library 'des' is required for Kerberos 4])])
-  AC_CHECK_LIB(krb, krb_sendauth, [], [AC_MSG_ERROR([library 'krb' is required for Kerberos 4])])
-  AC_REPLACE_FUNCS([gethostname])
-fi
-
 if test "$with_krb5" = yes ; then
   if test "$PORTNAME" != "win32"; then
      AC_SEARCH_LIBS(com_err, [krb5 'krb5 -ldes -lasn1 -lroken' com_err], [],
@@ -762,10 +738,6 @@ failure.  It is possible the compiler isn't looking in the proper directory.
 Use --without-zlib to disable zlib support.])])
 fi
 
-if test "$with_krb4" = yes ; then
-  AC_CHECK_HEADER(krb.h, [], [AC_MSG_ERROR([header file <krb.h> is required for Kerberos 4])])
-fi
-
 if test "$with_krb5" = yes ; then
   AC_CHECK_HEADER(krb5.h, [], [AC_MSG_ERROR([header file <krb5.h> is required for Kerberos 5])])
 fi
 
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.81 2005/06/21 04:02:29 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.82 2005/06/27 02:04:23 neilc Exp $
 -->
 
 <chapter id="client-authentication">
@@ -326,17 +326,6 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
         </listitem>
        </varlistentry>
 
-       <varlistentry>
-        <term><literal>krb4</></term>
-        <listitem>
-         <para>
-          Use Kerberos V4 to authenticate the user. This is only
-          available for TCP/IP connections.  See <xref
-          linkend="kerberos-auth"> for details.
-         </para>
-        </listitem>
-       </varlistentry>
-
        <varlistentry>
         <term><literal>krb5</></term>
         <listitem>
@@ -623,11 +612,8 @@ local   db1,db2,@demodbs  all                         md5
    </para>
 
    <para>
-    While <productname>PostgreSQL</> supports both Kerberos 4 and 
-    Kerberos 5, only Kerberos 5 is recommended.  Kerberos 4 is
-    considered insecure and no longer recommended for general
-    use. Only one version of Kerberos can be supported in any one
-		build, and support must be enabled at build time. See
+    <productname>PostgreSQL</> supports Kerberos version 5, and it has
+	to be enabled at build time. See
 		<xref linkend="installation"> for more information.
    </para>
 
@@ -669,11 +655,9 @@ local   db1,db2,@demodbs  all                         md5
     account.  (See also <xref linkend="postgres-user">.) The location
     of the key file is specified by the <xref
     linkend="guc-krb-server-keyfile"> configuration
-    parameter. The default
-    is <filename>/etc/srvtab</> if you are using Kerberos 4 and
+    parameter. The default is
     <filename>/usr/local/pgsql/etc/krb5.keytab</> (or whichever
-    directory was specified as <varname>sysconfdir</> at build time)
-    with Kerberos 5.
+    directory was specified as <varname>sysconfdir</> at build time).
    </para>
 
    <para>
 
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.237 2005/06/21 20:45:43 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.238 2005/06/27 02:04:23 neilc Exp $ -->
 
 <chapter id="installation">
  <title><![%standalone-include[<productname>PostgreSQL</>]]>
@@ -787,12 +787,10 @@ su - postgres
       </varlistentry>
 
       <varlistentry>
-       <term><option>--with-krb4</option></term>
        <term><option>--with-krb5</option></term>
        <listitem>
         <para>
-         Build with support for Kerberos authentication. You can use
-         either Kerberos version 4 or 5, but not both.  On many
+         Build with support for Kerberos 5 authentication. On many
          systems, the Kerberos system is not installed in a location
          that is searched by default (e.g., <filename>/usr/include</>,
          <filename>/usr/lib</>), so you must use the options
 
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.187 2005/06/26 19:16:04 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.188 2005/06/27 02:04:24 neilc Exp $
 -->
 
  <chapter id="libpq">
@@ -283,7 +283,7 @@ PGconn *PQconnectdb(const char *conninfo);
      <term><literal>krbsrvname</literal></term>
      <listitem>
       <para>
-       Kerberos service name to use when authenticating with Kerberos 4 or 5.
+       Kerberos service name to use when authenticating with Kerberos 5.
        This must match the service name specified in the server
        configuration for Kerberos authentication to succeed. (See also
        <xref linkend="kerberos-auth">.)
@@ -3813,7 +3813,7 @@ setting, and is only available if
  <primary><envar>PGKRBSRVNAME</envar></primary>
 </indexterm>
 <envar>PGKRBSRVNAME</envar> sets the Kerberos service name to use when
-authenticating with Kerberos 4 or 5.
+authenticating with Kerberos 5.
 </para>
 </listitem>
 <listitem>
 
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.60 2005/06/26 19:16:04 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.61 2005/06/27 02:04:24 neilc Exp $ -->
 
 <chapter id="protocol">
  <title>Frontend/Backend Protocol</title>
@@ -264,19 +264,6 @@
       </listitem>
      </varlistentry>
 
-     <varlistentry>
-      <term>AuthenticationKerberosV4</term>
-      <listitem>
-       <para>
-        The frontend must now take part in a Kerberos V4
-        authentication dialog (not described here, part of the
-        Kerberos specification) with the server.  If this is
-        successful, the server responds with an AuthenticationOk,
-        otherwise it responds with an ErrorResponse.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry>
       <term>AuthenticationKerberosV5</term>
       <listitem>
@@ -1411,50 +1398,6 @@ AuthenticationOk (B)
 </varlistentry>
 
 
-<varlistentry>
-<term>
-AuthenticationKerberosV4 (B)
-</term>
-<listitem>
-<para>
-
-<variablelist>
-<varlistentry>
-<term>
-        Byte1('R')
-</term>
-<listitem>
-<para>
-                Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(8)
-</term>
-<listitem>
-<para>
-                Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(1)
-</term>
-<listitem>
-<para>
-                Specifies that Kerberos V4 authentication is required.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-</para>
-</listitem>
-</varlistentry>
-
-
 <varlistentry>
 <term>
 AuthenticationKerberosV5 (B)
 
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.125 2005/06/14 17:43:13 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.126 2005/06/27 02:04:24 neilc Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -69,83 +69,6 @@ static Port *pam_port_cludge;	/* Workaround for passing "Port *port"
 								 * into pam_passwd_conv_proc */
 #endif   /* USE_PAM */
 
-#ifdef KRB4
-/*----------------------------------------------------------------
- * MIT Kerberos authentication system - protocol version 4
- *----------------------------------------------------------------
- */
-
-#include "krb.h"
-
-/*
- * pg_krb4_recvauth -- server routine to receive authentication information
- *					   from the client
- *
- * Nothing unusual here, except that we compare the username obtained from
- * the client's setup packet to the authenticated name.  (We have to retain
- * the name in the setup packet since we have to retain the ability to handle
- * unauthenticated connections.)
- */
-static int
-pg_krb4_recvauth(Port *port)
-{
-	long		krbopts = 0;	/* one-way authentication */
-	KTEXT_ST	clttkt;
-	char		instance[INST_SZ + 1],
-				version[KRB_SENDAUTH_VLEN + 1];
-	AUTH_DAT	auth_data;
-	Key_schedule key_sched;
-	int			status;
-
-	strcpy(instance, "*");		/* don't care, but arg gets expanded
-								 * anyway */
-	status = krb_recvauth(krbopts,
-						  port->sock,
-						  &clttkt,
-						  pg_krb_srvnam,
-						  instance,
-						  &port->raddr.in,
-						  &port->laddr.in,
-						  &auth_data,
-						  pg_krb_server_keyfile,
-						  key_sched,
-						  version);
-	if (status != KSUCCESS)
-	{
-		ereport(LOG,
-				(errmsg("Kerberos error: %s", krb_err_txt[status])));
-		return STATUS_ERROR;
-	}
-	if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN) != 0)
-	{
-		ereport(LOG,
-				(errmsg("unexpected Kerberos protocol version received from client (received \"%s\", expected \"%s\")",
-						version, PG_KRB4_VERSION)));
-		return STATUS_ERROR;
-	}
-	if (strncmp(port->user_name, auth_data.pname, SM_DATABASE_USER) != 0)
-	{
-		ereport(LOG,
-				(errmsg("unexpected Kerberos user name received from client (received \"%s\", expected \"%s\")",
-						port->user_name, auth_data.pname)));
-		return STATUS_ERROR;
-	}
-	return STATUS_OK;
-}
-
-#else
-
-static int
-pg_krb4_recvauth(Port *port)
-{
-	ereport(LOG,
-			(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-			 errmsg("Kerberos 4 not implemented on this server")));
-	return STATUS_ERROR;
-}
-#endif   /* KRB4 */
-
-
 #ifdef KRB5
 /*----------------------------------------------------------------
  * MIT Kerberos authentication system - protocol version 5
@@ -252,8 +175,7 @@ pg_krb5_init(void)
  *					   from the client
  *
  * We still need to compare the username obtained from the client's setup
- * packet to the authenticated name, as described in pg_krb4_recvauth.	This
- * is a bit more problematic in v5, as described above in pg_an_to_ln.
+ * packet to the authenticated name.
  *
  * We have our own keytab file because postgres is unlikely to run as root,
  * and so cannot read the default keytab.
@@ -380,9 +302,6 @@ auth_failed(Port *port, int status)
 		case uaReject:
 			errstr = gettext_noop("authentication failed for user \"%s\": host rejected");
 			break;
-		case uaKrb4:
-			errstr = gettext_noop("Kerberos 4 authentication failed for user \"%s\"");
-			break;
 		case uaKrb5:
 			errstr = gettext_noop("Kerberos 5 authentication failed for user \"%s\"");
 			break;
@@ -461,27 +380,16 @@ ClientAuthentication(Port *port)
 				   (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 					errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\", %s",
 						   hostinfo, port->user_name, port->database_name,
-				   port->ssl ? _("SSL on") : _("SSL off"))));
+						   port->ssl ? _("SSL on") : _("SSL off"))));
 #else
 				ereport(FATAL,
 				   (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
 					errmsg("no pg_hba.conf entry for host \"%s\", user \"%s\", database \"%s\"",
-					   hostinfo, port->user_name, port->database_name)));
+						   hostinfo, port->user_name, port->database_name)));
 #endif
 				break;
 			}
 
-		case uaKrb4:
-			/* Kerberos 4 only seems to work with AF_INET. */
-			if (port->raddr.addr.ss_family != AF_INET
-				|| port->laddr.addr.ss_family != AF_INET)
-				ereport(FATAL,
-						(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
-				   errmsg("Kerberos 4 only supports IPv4 connections")));
-			sendAuthRequest(port, AUTH_REQ_KRB4);
-			status = pg_krb4_recvauth(port);
-			break;
-
 		case uaKrb5:
 			sendAuthRequest(port, AUTH_REQ_KRB5);
 			status = pg_krb5_recvauth(port);