Thread

  1. Running GSSAPI / Kerberos tests on Windows

    Nazir Bilal Yavuz <byavuz81@gmail.com> — 2025-12-16T13:58:03Z

    Hi,
    
    I enabled GSSAPI on Windows CI by using dependencies from Dave Page's
    winpgbuild repository [1]. The problem is that Kerberos compilation
    does not generate the 'krb5-config' executable on Windows but we
    expect it while setting up KDC. Because of that, 'kerberos/001_auth'
    and 'libpq/005_negotiate_encryption' tests fail with 'Command
    'krb5-config' not found in ...' error although GSSAPI is enabled.
    
    Then I tried skipping these tests' Kerberos related parts like in the
    attached but 'libpq/005_negotiate_encryption' test still failed with
    [2]. I found this thread [3] (CC'ing Thomas) but I still do not
    understand the problem.
    
    Any thoughts?
    
    Example CI runs:
    Windows + GSSAPI: https://cirrus-ci.com/task/6111500131106816
    Windows + GSSAPI + Patch: https://cirrus-ci.com/task/6564690651774976
    
    [1] https://github.com/dpage/winpgbuild
    [3] https://postgr.es/m/CA%2BhUKGJ0tdtTiB3bHEU8C%3D5pyzc5zvDqA8dJ5q%2BThSimW8QKNw%40mail.gmail.com
    [2]:
    ------------------------------------- 8< -------------------------------------
    stderr:
    #   Failed test ' 'user=testuser gssencmode=prefer sslmode=disable
    sslnegotiation=postgres' -> connect, authok -> plain'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept, reconnect, authok -> plain'
    #     expected: 'connect, authok -> plain'
    #
    #   Failed test ' 'user=testuser gssencmode=prefer sslmode=allow
    sslnegotiation=postgres' -> connect, authok -> plain'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept, reconnect, authok -> plain'
    #     expected: 'connect, authok -> plain'
    #
    #   Failed test ' 'user=testuser gssencmode=prefer sslmode=prefer
    sslnegotiation=postgres' -> connect, sslreject, authok -> plain'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept, reconnect, sslreject, authok -> plain'
    #     expected: 'connect, sslreject, authok -> plain'
    #
    #   Failed test ' 'user=testuser gssencmode=prefer sslmode=require
    sslnegotiation=postgres' -> connect, sslreject -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept, reconnect, sslreject -> fail'
    #     expected: 'connect, sslreject -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    # connection to server at "127.0.0.1", port 14350 failed: server does
    not support SSL, but SSL was required
    #   Failed test ' 'user=testuser gssencmode=prefer sslmode=require
    sslnegotiation=direct' -> connect, directsslreject -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept, reconnect, directsslreject -> fail'
    #     expected: 'connect, directsslreject -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    # connection to server at "127.0.0.1", port 14350 failed: server
    closed the connection unexpectedly
    #     This probably means the server terminated abnormally
    #     before or while processing the request.
    # SSL SYSCALL error: Connection reset by peer (0x00002746/10054)
    #   Failed test ' 'user=testuser gssencmode=require sslmode=disable
    sslnegotiation=postgres' -> - -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept -> fail'
    #     expected: '- -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    #   Failed test ' 'user=testuser gssencmode=require sslmode=allow
    sslnegotiation=postgres' -> - -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept -> fail'
    #     expected: '- -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    #   Failed test ' 'user=testuser gssencmode=require sslmode=prefer
    sslnegotiation=postgres' -> - -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept -> fail'
    #     expected: '- -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    #   Failed test ' 'user=testuser gssencmode=require sslmode=require
    sslnegotiation=postgres' -> - -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept -> fail'
    #     expected: '- -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    #   Failed test ' 'user=testuser gssencmode=require sslmode=require
    sslnegotiation=direct' -> - -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
    #          got: 'connect, gssaccept -> fail'
    #     expected: '- -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    could not initiate GSSAPI security context: No credentials were
    supplied, or the credentials were unavailable or inaccessible:
    Credential cache is empty
    #   Failed test ' 'user=testuser sslmode=prefer' -> connect,
    backenderror -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 333.
    #          got: 'connect, backenderror, reconnect, backenderror -> fail'
    #     expected: 'connect, backenderror -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    server sent an error response during GSS encryption exchange
    # connection to server at "127.0.0.1", port 14350 failed: server sent
    an error response during SSL exchange
    #   Failed test ' 'user=testuser sslmode=prefer' -> connect, v2error -> fail'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 343.
    #          got: 'connect, v2error, reconnect, v2error -> fail'
    #     expected: 'connect, v2error -> fail'
    # psql: error: connection to server at "127.0.0.1", port 14350 failed:
    server sent an error response during GSS encryption exchange
    # connection to server at "127.0.0.1", port 14350 failed: server sent
    an error response during SSL exchange
    #   Failed test ' 'user=testuser sslmode=prefer' -> connect,
    sslaccept, backenderror, reconnect, authok -> plain'
    #   at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 353.
    #          got: 'connect, gssaccept, reconnect, sslaccept,
    backenderror, reconnect, authok -> plain'
    #     expected: 'connect, sslaccept, backenderror, reconnect, authok -> plain'
    #
    # Looks like you failed 13 tests of 55.
    
    --
    Regards,
    Nazir Bilal Yavuz
    Microsoft