Re: weird libpq GSSAPI comment

On 2019-Dec-27, Stephen Frost wrote:

> Maybe part of the confusion here is that there's two different things- a
> credential cache, and then a credential *handle*.  Calling
> gss_acquire_cred() will, if a credential *cache* exists, return to us a
> credential *handle* (in the form of conn->gcred) that we then pass to
> gss_init_sec_context().

Hmm, ok, yeah I certainly didn't understand that -- I was thinking that
the call was creating the credential cache itself, not a *handle* to
access it (I suppose that terminology must be clear to somebody familiar
with GSS).

> Hopefully that helps.  I'm certainly happy to work with you to reword
> the comment, of course, but let's make sure there's agreement and
> understanding of what the code does first.

How about this?

                 * If GSSAPI is enabled and we can reach a credential cache,
                 * set up a handle for it; if it's operating, just send a
                 * GSS startup message, instead of the SSL negotiation and
                 * regular startup message below.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services