Instant Messaging client-server solution?

Russ Allbery rra at stanford.edu
Mon May 23 17:42:32 EDT 2011


Jaap Winius <jwinius at umrk.nl> writes:

> Regarding the Openfire server configuration, is it correct to say that,
> when using GSSAPI, it's not necessary to create any user accounts on the
> server?

I think there's some sort of auto-creation that happens, but I don't
recall any of the details for how that works here.

> Also, have you already upgraded to Openfire 3.7.0 using the same methods
> as described in the IT Lab blog, or are you still something closer to
> v3.5.2?

We're running 3.6.4 currently.

> Leave the password blank? It keeps prompting me for a password when I
> try to attach to the server, but that's not what you mean, right?

Right.  That means that it's not working.

> That describes how to configure Pidgin for Windows. All of my site's
> workstations have the version that comes with Debian squeeze (v2.7.3).
> These two versions may be mostly the same, except that the Windows
> version has a "Use encryption if available" option. The Linux version
> doesn't have that, but perhaps not selecting either of its encryption
> options (in addition to not selecting the "allow plaintext auth" option)
> is equivalent to that.

This just works for me on Linux.  I add the server, leaving password
blank, and it silently does GSS-API authentication and logs me in.

Double-check that you have the GSS-API authentication modules for SASL
installed.  On Debian, these are in a separate package
(libsasl2-modules-gssapi-mit) from the main SASL libraries and therefore
aren't pulled in by default.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list