From wocky at mit.edu Sun Dec 9 21:42:00 2007 From: wocky at mit.edu (VIAGRA ® Official Site) Date: Sun, 9 Dec 2007 21:42:00 -0500 (EST) Subject: [Wocky] December 78% OFF Message-ID: <20071209024200.2657.qmail@dsl-189-144-15-208.prod-infinitum.com.mx> An HTML attachment was scrubbed... URL: http://mailman.mit.edu/pipermail/wocky/attachments/20071209/3a1800c6/attachment.htm From wocky at mit.edu Fri Dec 14 05:55:16 2007 From: wocky at mit.edu (VIAGRA ® Official Site) Date: Fri, 14 Dec 2007 05:55:16 -0500 (EST) Subject: [Wocky] December 79% OFF Message-ID: <20071214145513.5264.qmail@dsl.dynamic859920198.ttnet.net.tr> An HTML attachment was scrubbed... URL: http://mailman.mit.edu/pipermail/wocky/attachments/20071214/0a72acb5/attachment.htm From wocky at mit.edu Thu Dec 20 01:39:23 2007 From: wocky at mit.edu (VIAGRA ® Official Site) Date: Thu, 20 Dec 2007 01:39:23 -0500 (EST) Subject: [Wocky] SALE 70% OFF on Pfizer Message-ID: <20071220170924.13754.qmail@spares150> An HTML attachment was scrubbed... URL: http://mailman.mit.edu/pipermail/wocky/attachments/20071220/541cc05c/attachment.htm From wocky at mit.edu Sat Dec 22 13:47:08 2007 From: wocky at mit.edu (Canadian Doctor Katheryn) Date: Sat, 22 Dec 2007 13:47:08 -0500 (EST) Subject: [Wocky] MedHelp 18054771 Message-ID: <20071222104712.5856.qmail@ersin> An HTML attachment was scrubbed... URL: http://mailman.mit.edu/pipermail/wocky/attachments/20071222/a7f1256a/attachment.htm From raeburn at MIT.EDU Fri Dec 28 00:03:44 2007 From: raeburn at MIT.EDU (Ken Raeburn) Date: Fri, 28 Dec 2007 00:03:44 -0500 Subject: [Wocky] Adium and GSSAPI Message-ID: <13552CB9-5AE3-43EA-99C5-45CAD4985867@mit.edu> It looks like Adium 1.2 is likely to support GSSAPI authentication to the Jabber server. The current beta (1.2b5) has some of the code, but because of how some workarounds for OS bugs were handled, it will prefer password-based authentication when running on Tiger. (Also, 1.2b5 breaks authenticated Zephyr support.) Patches have gone in that should fix the problem on Tiger, and clean up some UI issues; I'll try out the next beta when it comes along, and try to make sure it's working. Ken From raeburn at MIT.EDU Mon Dec 31 05:56:13 2007 From: raeburn at MIT.EDU (Ken Raeburn) Date: Mon, 31 Dec 2007 05:56:13 -0500 Subject: [Wocky] Adium and GSSAPI In-Reply-To: <13552CB9-5AE3-43EA-99C5-45CAD4985867@mit.edu> References: <13552CB9-5AE3-43EA-99C5-45CAD4985867@mit.edu> Message-ID: <8DD9414B-5E70-4659-9DE0-030F5E096260@mit.edu> On Dec 28, 2007, at 00:03, I wrote: > It looks like Adium 1.2 is likely to support GSSAPI authentication > to the Jabber server. [...] Now 1.2b7 is out, and it has some of the problems fixed. However, I can't authenticate to the mit.edu jabber server at all now! It's trying to get credentials to xmpp/web.mit.edu, presumably because it's mapping mit.edu to 18.7.22.69 to web.mit.edu somewhere, possibly in the Kerberos support (a known and long-standing issue), possibly elsewhere. That service doesn't exist in our database, so the authentication attempt fails. I'm also not 100% sure whether xmpp/mit.edu (based on the user- supplied account name) or xmpp/jabber.mit.edu (based on the name of the server actually in use, which is looked up insecurely in DNS SRV records) is the correct name to use. It looks like Athena's gaim uses the latter; is that what the spec says? I vaguely recall some discussion on this point long ago, but I don't remember the details and haven't managed to track down any info online so far. To make matters worse, if GSSAPI authentication fails, Adium 1.2b7 delays and tries again; it doesn't fall back to password-based authentication. Ken From ghudson at MIT.EDU Mon Dec 31 11:01:45 2007 From: ghudson at MIT.EDU (Greg Hudson) Date: Mon, 31 Dec 2007 11:01:45 -0500 Subject: [Wocky] Adium and GSSAPI In-Reply-To: <8DD9414B-5E70-4659-9DE0-030F5E096260@mit.edu> References: <13552CB9-5AE3-43EA-99C5-45CAD4985867@mit.edu> <8DD9414B-5E70-4659-9DE0-030F5E096260@mit.edu> Message-ID: <1199116905.6004.7.camel@error-messages.mit.edu> On Mon, 2007-12-31 at 05:56 -0500, Ken Raeburn wrote: > I'm also not 100% sure whether xmpp/mit.edu (based on the user- > supplied account name) or xmpp/jabber.mit.edu (based on the name of > the server actually in use, which is looked up insecurely in DNS SRV > records) is the correct name to use. It looks like Athena's gaim > uses the latter; is that what the spec says? Believe yes. That's certainly what jabber.mit.edu has a keytab for, and Spark does it that way as well as Pidgin. In fact, I'm a little puzzled that Adium differs from Pidgin on this front, since they both use libpurple. Could be a version skew issue, since I know Pidgin had this bug for a littlw while; I will try to find time to peer into their svn repository and see. If you're not in a position to build Adium from source, you will probably run into another bug, this time in Openfire, until our server is upgraded to 3.4.2. This bug is that if the client doesn't specify an "authz name", the server will reject with an authorization failure. The server upgrade is expected to happen soon. You can test against wocky.mit.edu; it won't have the domain name mismatch issue (since the XMPP domain matches the hostname for our test server) and it's running 3.4.2 so it won't have the authz name bug. From raeburn at MIT.EDU Mon Dec 31 22:35:10 2007 From: raeburn at MIT.EDU (Ken Raeburn) Date: Mon, 31 Dec 2007 22:35:10 -0500 Subject: [Wocky] Adium and GSSAPI In-Reply-To: <1199116905.6004.7.camel@error-messages.mit.edu> References: <13552CB9-5AE3-43EA-99C5-45CAD4985867@mit.edu> <8DD9414B-5E70-4659-9DE0-030F5E096260@mit.edu> <1199116905.6004.7.camel@error-messages.mit.edu> Message-ID: On Dec 31, 2007, at 11:01, Greg Hudson wrote: > You can test against wocky.mit.edu; it won't have the domain name > mismatch issue (since the XMPP domain matches the hostname for our > test > server) and it's running 3.4.2 so it won't have the authz name bug. This seems to work fine. (And from the debug log window, it looks like the server has my full contact list copied from jabber.mit.edu, though raeburn at wocky.mit.edu isn't allowed to actually see anyone.) So I guess it's a matter of fixing the server name determination, and the 3.4.2 issue. (And then there's fixing the Zephyr issues.) Ken