On Wed, May 28, 2025 at 8:53 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Even granting that we're okay with letting people build against
> Heimdal, I'm not clear on the path forward. Your patch proposes
> to effectively disable gss_accept_delegation, which isn't real
> palatable (and would require docs and test fixes that aren't there).
> Nico seemed to think that there is a way to perform delegation
> without using gss_store_cred_into; if we could avoid that loss of
> functionality, it'd go a long way towards making the idea more
> acceptable. I also wonder about whether we ought to try to use
> GSS.framework on Mac.
Personally, I'd be more happy to "maintain GSS on Mac using
non-deprecated interfaces" than "maintain GSS via Heimdal,
best-effort, some of the time". I think the former puts less of a
burden on our testing matrix.
--Jacob
