Explicitly require MIT Kerberos for GSSAPI

WHen building with GSSAPI support, explicitly require MIT Kerberos and
check for gssapi_ext.h in configure.ac and meson.build.  Also add
documentation explicitly stating that we now require MIT Kerberos when
building with GSSAPI support.

Reveiwed by: Johnathan Katz
Discussion: https://postgr.es/m/abcc73d0-acf7-6896-e0dc-f5bc12a61bb1@postgresql.org

2 files changed, 12 insertions, 11 deletions

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index dbba289600..204d09df67 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1426,7 +1426,7 @@ omicron         bryanh                  guest1
     The keytab file is generated using the Kerberos software; see the
     Kerberos documentation for details. The following example shows
     doing this using the <application>kadmin</application> tool of
-    MIT-compatible Kerberos 5 implementations:
+    MIT Kerberos:
 <screen>
 <prompt>kadmin% </prompt><userinput>addprinc -randkey postgres/server.my.domain.org</userinput>
 <prompt>kadmin% </prompt><userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</userinput>
diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml
index f451204854..3d839d665a 100644
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@@ -252,9 +252,9 @@ documentation.  See standalone-profile.xsl for details.
 
     <listitem>
      <para>
-      You need <application>Kerberos</application>, <productname>OpenLDAP</productname>,
-      and/or <application>PAM</application>, if you want to support authentication
-      using those services.
+      You need <application>MIT Kerberos</application> (for GSSAPI),
+      <productname>OpenLDAP</productname>, and/or <application>PAM</application>,
+      if you want to support authentication using those services.
      </para>
     </listitem>
 
@@ -1048,9 +1048,9 @@ build-postgresql:
        <term><option>--with-gssapi</option></term>
        <listitem>
         <para>
-         Build with support for GSSAPI authentication. On many systems, the
-         GSSAPI system (usually a part of the Kerberos installation) is not
-         installed in a location
+         Build with support for GSSAPI authentication. MIT Kerberos is required
+         to be installed for GSSAPI.  On many systems, the GSSAPI system (a part
+         of the MIT Kerberos installation) is not installed in a location
          that is searched by default (e.g., <filename>/usr/include</filename>,
          <filename>/usr/lib</filename>), so you must use the options
          <option>--with-includes</option> and <option>--with-libraries</option> in
@@ -2497,10 +2497,11 @@ ninja install
       <term><option>-Dgssapi={ auto | enabled | disabled }</option></term>
       <listitem>
        <para>
-        Build with support for GSSAPI authentication. On many systems, the
-        GSSAPI system (usually a part of the Kerberos installation) is not
-        installed in a location that is searched by default (e.g.,
-        <filename>/usr/include</filename>, <filename>/usr/lib</filename>).  In
+        Build with support for GSSAPI authentication. MIT Kerberos is required
+        to be installed for GSSAPI.  On many systems, the GSSAPI system (a part
+        of the MIT Kerberos installation) is not installed in a location
+        that is searched by default (e.g., <filename>/usr/include</filename>,
+        <filename>/usr/lib</filename>).  In
         those cases, PostgreSQL will query <command>pkg-config</command> to
         detect the required compiler and linker options.  Defaults to auto.
         <filename>meson configure</filename> will check for the required