> Greetings, > I was trying to build source build postgres 8.1.x with MIT > Kerberos 5 1.4.x implementation. > The whole thing bombs out. After some digging, I had to hack > the autoconf script (configure.in) to properly account for > the way the libraries are built for 1.4.x. I don't know > whether an earlier post had the same issue. I think it boils > down to adding the 'libkrb5support' when all the krb5 libs > are checked in the configure script. (This is better asked in -hackers, I htink, copying there) What platform is this? I use it with krb5 1.4.3 on Linux (slackware) without any modifications at all. Perhaps platform specific behaviour? The postmaster is linked to libkrb5support, but I only have "-lkrb5" in my LIBS as generated by configure. However, if I do "ldd" on libkrb5.so I see that one pulls in libkrb5support. > On another note, is the kerberos authentication secure, I had > searched some old threads, where it was indicated the > principal is not checked by the db as a valid user. Is this > still the case? The principal name is definitly checked by the db as a valid user, and AFAIK it always has been (do you have a reference to where it says it doesn't?) The *REALM* is not checked, however. This can cause problems if you have a multi-realm system (where the realms already trust each other, because the KDC has to give out the service ticket) where you have the same username existing in multiple realms representing different users. If you're in a single realm, it's definitly secure. //Magnus
