XMPP & Kerberos 5
Edward Murrell
edward at murrell.co.nz
Mon Nov 30 15:45:46 EST 2009
Openfire, MIT Kerberos (I've done it elsewhere with Heimdal) and
OpenLDAP, with the Cyrus saslauthd daemon to allow plain text logins.
This link was incredibly helpful for getting saslauthd to comply;
http://www.semicomplete.com/articles/openldap-with-saslauthd/
GSSAPI and plain text logins work off the same password. As Russ
Allberry pointed out in the other sub thread, this is not the best
policy, so all the non-SSL channels, XMPP or otherwise, are disabled.
(If this was for a company, rather than a personal domain, I'd probably
do things slightly differently.)
Cheers,
Edward
On Mon, 2009-11-30 at 10:25 +0100, Oliver Schmidt wrote:
> Hi,
>
> I'm currently trying to setup an XMPP server with Kerberos 5
> authentication. I've been using eJabberd 2.0.5 with username/password
> authentication for a while. Now, I would like to use Kerberos in order to
> make my services more comfortable with SSO.
>
> Unfortunately, I failed using an GSSAPI patch for eJabberd together with
> my Kerberos system. After that, I tried using Openfire, which didn't work
> out for me either. Now, that I've read about that institution-wide XMPP
> service the MIT offers, I know that XMPP _must_ work with Kerberos
> somehow. Can you tell me how you set it up and, respectively, which
> software you did use?
>
> Thank you in advance!
>
> Yours
>
> O. Schmidt
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list