Support GSSAPI / kerberos #239
Comments
|
See the documentation for The libpq used by LibPQ.jl is built here: https://github.com/JuliaPackaging/Yggdrasil/blob/master/L/LibPQ/build_tarballs.jl You will need to learn the BinaryBuilder system if you haven't already, and likely need to create a Kerberos JLL package that you depend on, then provide the relevant arguments including Hope that helps! Once that's done, I do not believe any changes need to be made to LibPQ.jl other than updating the JLL dependency in LibPQ.jl's Project.toml, but since I've never used GSSAPI I could be wrong. |
|
Thanks @iamed2. That is exactly the kind of advice I need to get started. |
|
Sorry it has been a while. Today I tried compiling Heimdal kerberos, but failed. It compiles on my Ubuntu system, but not in the BinaryBuilder wizard. It should be possible to get this to work with better autoconf-skills than mine. Next I tried MIT Kerberos. That works on my platform (Ubuntu), but fails cross compilation. Would it be ok to only enable gssapi on linux? |
|
I think that would be reasonable, see https://docs.binarybuilder.org/stable/building/#Platform-dependent-dependencies for instructions on how to do that for BinaryBuilder Maybe also post about it in the An interesting thing about macOS is that it comes with MIT Kerberos built already, but I bet our macOS cross-compilation environment doesn't have it. |
|
Guess I'm nerd-sniping myself 😄 Did a bit more searching and found a few leads:
Now it looks like I can compile MIT-krb5 on all platforms. |
|
OK. This is quite hack: tp2750/Yggdrasil@8580aeb I just build MIT-krb5 for linux targets and include the --with-gssapi for those targets. A better solution would be to build a MIT_kerberos_jll package and depend on that as you depend on OpenSSL_jll. Heimdal looks promising, but also failed cross compilation. I've filed a bug: heimdal/heimdal#987 |
|
Managed to get MIT kerberos to build on linux as a separate _jll package: JuliaPackaging/Yggdrasil#4744 If that goes in, I hope to do a better patch for LibPQ_jll |
|
That happened quickly: https://github.com/JuliaBinaryWrappers/Kerberos_krb5_jll.jl Not sure how much time I have for this tomorrow, but I'm looking forward to test if it works. |
|
It works! After the Kerberos_krb5_jll got in, I made this very simple patch: JuliaPackaging/Yggdrasil#4763 With that the connection works! julia> LibPQ.Connection("dbname=xxx host=xxx port=xxx user=xxx")
PostgreSQL connection (CONNECTION_OK) with parameters:
user = xx
passfile = xxx/.pgpass
channel_binding = prefer
dbname = xxx
host = xxx
port = xxx
client_encoding = UTF8
options = -c DateStyle=ISO,YMD -c IntervalStyle=iso_8601 -c TimeZone=UTC
application_name = LibPQ.jl
sslmode = prefer
sslcompression = 0
sslsni = 1
ssl_min_protocol_version = TLSv1.2
gssencmode = prefer
krbsrvname = postgres
target_session_attrs = anyThis is awesome! I suppose, that when the above pull-request is merged, we can close this issue. I'm really impressed with the BinaryBuilder architecture. It only works for Linux. It looks like these Kerbros libraries have not been tested much for cross-compilation. |
|
The pull request JuliaPackaging/Yggdrasil#4763 is now merged, and we have kerberos authentication on the supported platforms: Linux, FreeBSD. Thanks a lot to @iamed2 and @giordano for all your help. |
I have a problem connecting to a database, that uses kerberos authentication:
Is there some environment variable I need to set to make it work?
If it needs implementation, I'll be happy to help, but I will need some guidance.
The text was updated successfully, but these errors were encountered: