Instant Messaging client-server solution?
Russ Allbery
rra at stanford.edu
Mon May 23 17:42:32 EDT 2011
Jaap Winius <jwinius at umrk.nl> writes:
> Regarding the Openfire server configuration, is it correct to say that,
> when using GSSAPI, it's not necessary to create any user accounts on the
> server?
I think there's some sort of auto-creation that happens, but I don't
recall any of the details for how that works here.
> Also, have you already upgraded to Openfire 3.7.0 using the same methods
> as described in the IT Lab blog, or are you still something closer to
> v3.5.2?
We're running 3.6.4 currently.
> Leave the password blank? It keeps prompting me for a password when I
> try to attach to the server, but that's not what you mean, right?
Right. That means that it's not working.
> That describes how to configure Pidgin for Windows. All of my site's
> workstations have the version that comes with Debian squeeze (v2.7.3).
> These two versions may be mostly the same, except that the Windows
> version has a "Use encryption if available" option. The Linux version
> doesn't have that, but perhaps not selecting either of its encryption
> options (in addition to not selecting the "allow plaintext auth" option)
> is equivalent to that.
This just works for me on Linux. I add the server, leaving password
blank, and it silently does GSS-API authentication and logs me in.
Double-check that you have the GSS-API authentication modules for SASL
installed. On Debian, these are in a separate package
(libsasl2-modules-gssapi-mit) from the main SASL libraries and therefore
aren't pulled in by default.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list