fi

done

for ac_header in gssapi/gssapi_ext.h

do :

ac_fn_c_check_header_mongrel "$LINENO" "gssapi/gssapi_ext.h" "ac_cv_header_gssapi_gssapi_ext_h" "$ac_includes_default"

if test "x$ac_cv_header_gssapi_gssapi_ext_h" = xyes; then :

cat >>confdefs.h <<_ACEOF

#define HAVE_GSSAPI_GSSAPI_EXT_H 1

_ACEOF

else

for ac_header in gssapi_ext.h

do :

ac_fn_c_check_header_mongrel "$LINENO" "gssapi_ext.h" "ac_cv_header_gssapi_ext_h" "$ac_includes_default"

if test "x$ac_cv_header_gssapi_ext_h" = xyes; then :

cat >>confdefs.h <<_ACEOF

#define HAVE_GSSAPI_EXT_H 1

_ACEOF

else

as_fn_error $? "gssapi_ext.h header file is required for GSSAPI" "$LINENO" 5

fi

done

fi

done

fi

if test "$with_gssapi" = yes ; then

AC_CHECK_HEADERS(gssapi/gssapi.h,[],

AC_CHECK_HEADERS(gssapi/gssapi_ext.h,[],

fi

PGAC_PATH_PROGS(OPENSSL, openssl)

The keytab file is generated using the Kerberos software; see the

Kerberos documentation for details. The following example shows

doing this using the <application>kadmin</application> tool of

MIT-compatible Kerberos 5 implementations:

MIT Kerberos:

<screen>

<prompt>kadmin% </prompt><userinput>addprinc -randkey postgres/server.my.domain.org</userinput>

<prompt>kadmin% </prompt><userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</userinput>

<listitem>

<para>

You need <application>Kerberos</application>, <productname>OpenLDAP</productname>,

and/or <application>PAM</application>, if you want to support authentication

using those services.

You need <application>MITKerberos</application> (for GSSAPI),

<productname>OpenLDAP</productname>,and/or <application>PAM</application>,

if you want to support authenticationusing those services.

</para>

</listitem>

<term><option>--with-gssapi</option></term>

<listitem>

<para>

Build with support for GSSAPI authentication.On many systems, the

GSSAPI system (usually a part oftheKerberos installation) is not

installed in a location

Build with support for GSSAPI authentication.MIT Kerberos is required

to be installed for GSSAPI. On many systems,theGSSAPI system (a part

of the MIT Kerberos installation) is notinstalled in a location

that is searched by default (e.g., <filename>/usr/include</filename>,

<filename>/usr/lib</filename>), so you must use the options

<option>--with-includes</option> and <option>--with-libraries</option> in

<term><option>-Dgssapi={ auto | enabled | disabled }</option></term>

<listitem>

<para>

Build with support for GSSAPI authentication. On many systems, the

GSSAPI system (usually a part of the Kerberos installation) is not

installed in a location that is searched by default (e.g.,

<filename>/usr/include</filename>, <filename>/usr/lib</filename>). In

Build with support for GSSAPI authentication. MIT Kerberos is required

to be installed for GSSAPI. On many systems, the GSSAPI system (a part

of the MIT Kerberos installation) is not installed in a location

that is searched by default (e.g., <filename>/usr/include</filename>,

<filename>/usr/lib</filename>). In

those cases, PostgreSQL will query <command>pkg-config</command> to

detect the required compiler and linker options. Defaults to auto.

<filename>meson configure</filename> will check for the required

have_gssapi=false

ifnot have_gssapi

elif cc.check_header('gssapi/gssapi_ext.h',dependencies: gssapi,required:false,

args: test_c_args,include_directories: postgres_inc)

cdata.set('HAVE_GSSAPI_GSSAPI_EXT_H',1)

elif cc.check_header('gssapi_ext.h',args: test_c_args,dependencies: gssapi,required: gssapiopt)

cdata.set('HAVE_GSSAPI_EXT_H',1)

have_gssapi=false

ifnot have_gssapi

elif cc.has_function('gss_init_sec_context',dependencies: gssapi,

args: test_c_args,include_directories: postgres_inc)

gss_cred_id_tdelegated_creds;

if (pg_krb_server_keyfile!=NULL&&pg_krb_server_keyfile[0]!='\0')

{

PqGSSRecvLength=PqGSSResultLength=PqGSSResultNext=0;

if (pg_krb_server_keyfile!=NULL&&pg_krb_server_keyfile[0]!='\0')

{