Revert "Add support for Kerberos credential delegation"

This reverts commit 3d4fa227bc.

Per discussion and buildfarm, this depends on APIs that seem to not
be available on at least one platform (NetBSD).  Should be certainly
possible to rework to be optional on that platform if necessary but bit
late for that at this point.

Discussion: https://postgr.es/m/3286097.1680922218@sss.pgh.pa.us

doc/src/sgml/config.sgml

@@ -1190,23 +1190,6 @@ include_dir 'conf.d'
       </listitem>
      </varlistentry>
 
-     <varlistentry id="guc-gss-accept-deleg" xreflabel="gss_accept_deleg">
-      <term><varname>gss_accept_deleg</varname> (<type>boolean</type>)
-      <indexterm>
-       <primary><varname>gss_accept_deleg</varname> configuration parameter</primary>
-      </indexterm>
-      </term>
-      <listitem>
-       <para>
-        Sets whether GSSAPI delegation should be accepted from the client.
-        The default is <literal>off</literal> meaning credentials from the client will
-        NOT be accepted.  Changing this to <literal>on</literal> will make the server
-        accept credentials delegated to it from the client. This parameter can only be
-        set in the <filename>postgresql.conf</filename> file or on the server command line.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
       <term><varname>db_user_namespace</varname> (<type>boolean</type>)
       <indexterm>

doc/src/sgml/dblink.sgml

@@ -117,9 +117,8 @@ dblink_connect(text connname, text connstr) returns text
 
    <para>
     Only superusers may use <function>dblink_connect</function> to create
-    non-password-authenticated and non-GSSAPI-authenticated connections.
-    If non-superusers need this capability, use
-    <function>dblink_connect_u</function> instead.
+    non-password-authenticated connections.  If non-superusers need this
+    capability, use <function>dblink_connect_u</function> instead.
    </para>
 
    <para>

doc/src/sgml/libpq.sgml

@@ -2054,18 +2054,6 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
       </listitem>
      </varlistentry>
 
-     <varlistentry id="libpq-connect-gssdeleg" xreflabel="gssdeleg">
-      <term><literal>gssdeleg</literal></term>
-      <listitem>
-       <para>
-        Forward (delegate) GSS credentials to the server.  The default is
-        <literal>disable</literal> which means credentials will not be forwarded
-        to the server.  Set this to <literal>enable</literal> to have
-        credentials forwarded when possible.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry id="libpq-connect-service" xreflabel="service">
       <term><literal>service</literal></term>
       <listitem>
@@ -2727,25 +2715,6 @@ int PQconnectionUsedPassword(const PGconn *conn);
       </para>
      </listitem>
     </varlistentry>
-
-    <varlistentry id="libpq-PQconnectionUsedGSSAPI">
-     <term><function>PQconnectionUsedGSSAPI</function><indexterm><primary>PQconnectionUsedGSSAPI</primary></indexterm></term>
-     <listitem>
-      <para>
-       Returns true (1) if the connection authentication method
-       used GSSAPI. Returns false (0) if not.
-
-<synopsis>
-int PQconnectionUsedGSSAPI(const PGconn *conn);
-</synopsis>
-      </para>
-
-      <para>
-       This function can be applied to detect whether the connection was
-       authenticated with GSSAPI.
-      </para>
-     </listitem>
-    </varlistentry>
    </variablelist>
   </para>
 
@@ -8268,16 +8237,6 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
      </para>
     </listitem>
 
-    <listitem>
-     <para>
-      <indexterm>
-       <primary><envar>PGGSSDELEG</envar></primary>
-      </indexterm>
-      <envar>PGGSSDELEG</envar> behaves the same as the <xref
-      linkend="libpq-connect-gssdeleg"/> connection parameter.
-     </para>
-    </listitem>
-
     <listitem>
      <para>
       <indexterm>

doc/src/sgml/monitoring.sgml

@@ -3573,15 +3573,6 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
        True if GSSAPI encryption is in use on this connection
       </para></entry>
      </row>
-
-     <row>
-      <entry role="catalog_table_entry"><para role="column_definition">
-       <structfield>credentials_delegated</structfield> <type>boolean</type>
-      </para>
-      <para>
-       True if GSSAPI credentials were delegated on this connection.
-      </para></entry>
-     </row>
     </tbody>
    </tgroup>
   </table>

doc/src/sgml/postgres-fdw.sgml

@@ -169,10 +169,9 @@
     <literal>sslcert</literal> or <literal>sslkey</literal> settings.
    </para>
    <para>
-    Non-superusers may connect to foreign servers using password
-    authentication or with GSSAPI delegated credentials, so specify the
-    <literal>password</literal> option for user mappings belonging to
-    non-superusers where password authentication is required.
+    Only superusers may connect to foreign servers without password
+    authentication, so always specify the <literal>password</literal> option
+    for user mappings belonging to non-superusers.
    </para>
    <para>
     A superuser may override this check on a per-user-mapping basis by setting