XMPP & Kerberos 5

[Edward Murrell]

Openfire, MIT Kerberos (I've done it elsewhere with Heimdal) and
OpenLDAP, with the Cyrus saslauthd daemon to allow plain text logins.

This link was incredibly helpful for getting saslauthd to comply;
http://www.semicomplete.com/articles/openldap-with-saslauthd/

GSSAPI and plain text logins work off the same password. As Russ
Allberry pointed out in the other sub thread, this is not the best
policy, so all the non-SSL channels, XMPP or otherwise, are disabled.

(If this was for a company, rather than a personal domain, I'd probably
do things slightly differently.)

Cheers,
Edward


On Mon, 2009-11-30 at 10:25 +0100, Oliver Schmidt wrote:
> Hi,
> 
> I'm currently trying to setup an XMPP server with Kerberos 5  
> authentication. I've been using eJabberd 2.0.5 with username/password  
> authentication for a while. Now, I would like to use Kerberos in order to  
> make my services more comfortable with SSO.
> 
> Unfortunately, I failed using an GSSAPI patch for eJabberd together with  
> my Kerberos system. After that, I tried using Openfire, which didn't work  
> out for me either. Now, that I've read about that institution-wide XMPP  
> service the MIT offers, I know that XMPP _must_ work with Kerberos  
> somehow. Can you tell me how you set it up and, respectively, which  
> software you did use?
> 
> Thank you in advance!
> 
> Yours
> 
> O. Schmidt
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos