Instant Messaging client-server solution?

Jaap Winius jwinius at umrk.nl
Mon May 23 15:40:05 EDT 2011


Quoting Russ Allbery <rra at stanford.edu>:

Regarding the Openfire server configuration, is it correct to say  
that, when using GSSAPI, it's not necessary to create any user  
accounts on the server?

Also, have you already upgraded to Openfire 3.7.0 using the same  
methods as described in the IT Lab blog, or are you still something  
closer to v3.5.2?

> Pidgin just worked for us.  There is indeed no UI, which is remarkably
> annoying.  But if you have Kerberos tickets already and you just leave the
> password field in Pigdin blank, it will do a GSS-API authentication if the
> server supports it.

Leave the password blank? It keeps prompting me for a password when I  
try to attach to the server, but that's not what you mean, right?

> https://itservices.stanford.edu/service/instantmessaging has our end-user
> documentation.  We require GSS-API authentication be used, so this has the
> details of how to configure the various clients we support.

That describes how to configure Pidgin for Windows. All of my site's  
workstations have the version that comes with Debian squeeze (v2.7.3).  
These two versions may be mostly the same, except that the Windows  
version has a "Use encryption if available" option. The Linux version  
doesn't have that, but perhaps not selecting either of its encryption  
options (in addition to not selecting the "allow plaintext auth"  
option) is equivalent to that.

Cheers,

Jaap




More information about the Kerberos mailing list