On Wed, May 28, 2025 at 8:53 AM Tom Lane <t...@sss.pgh.pa.us> wrote: > Even granting that we're okay with letting people build against > Heimdal, I'm not clear on the path forward. Your patch proposes > to effectively disable gss_accept_delegation, which isn't real > palatable (and would require docs and test fixes that aren't there). > Nico seemed to think that there is a way to perform delegation > without using gss_store_cred_into; if we could avoid that loss of > functionality, it'd go a long way towards making the idea more > acceptable. I also wonder about whether we ought to try to use > GSS.framework on Mac.
Personally, I'd be more happy to "maintain GSS on Mac using non-deprecated interfaces" than "maintain GSS via Heimdal, best-effort, some of the time". I think the former puts less of a burden on our testing matrix. --Jacob
