Instant Messaging client-server solution?
Jaap Winius
jwinius at umrk.nl
Mon May 23 15:40:05 EDT 2011
Quoting Russ Allbery <rra at stanford.edu>:
Regarding the Openfire server configuration, is it correct to say
that, when using GSSAPI, it's not necessary to create any user
accounts on the server?
Also, have you already upgraded to Openfire 3.7.0 using the same
methods as described in the IT Lab blog, or are you still something
closer to v3.5.2?
> Pidgin just worked for us. There is indeed no UI, which is remarkably
> annoying. But if you have Kerberos tickets already and you just leave the
> password field in Pigdin blank, it will do a GSS-API authentication if the
> server supports it.
Leave the password blank? It keeps prompting me for a password when I
try to attach to the server, but that's not what you mean, right?
> https://itservices.stanford.edu/service/instantmessaging has our end-user
> documentation. We require GSS-API authentication be used, so this has the
> details of how to configure the various clients we support.
That describes how to configure Pidgin for Windows. All of my site's
workstations have the version that comes with Debian squeeze (v2.7.3).
These two versions may be mostly the same, except that the Windows
version has a "Use encryption if available" option. The Linux version
doesn't have that, but perhaps not selecting either of its encryption
options (in addition to not selecting the "allow plaintext auth"
option) is equivalent to that.
Cheers,
Jaap
More information about the Kerberos
mailing list