[Wocky] Adium and GSSAPI
Ken Raeburn
raeburn at MIT.EDU
Mon Dec 31 05:56:13 EST 2007
On Dec 28, 2007, at 00:03, I wrote:
> It looks like Adium 1.2 is likely to support GSSAPI authentication
> to the Jabber server. [...]
Now 1.2b7 is out, and it has some of the problems fixed. However, I
can't authenticate to the mit.edu jabber server at all now! It's
trying to get credentials to xmpp/web.mit.edu, presumably because
it's mapping mit.edu to 18.7.22.69 to web.mit.edu somewhere, possibly
in the Kerberos support (a known and long-standing issue), possibly
elsewhere. That service doesn't exist in our database, so the
authentication attempt fails.
I'm also not 100% sure whether xmpp/mit.edu (based on the user-
supplied account name) or xmpp/jabber.mit.edu (based on the name of
the server actually in use, which is looked up insecurely in DNS SRV
records) is the correct name to use. It looks like Athena's gaim
uses the latter; is that what the spec says? I vaguely recall some
discussion on this point long ago, but I don't remember the details
and haven't managed to track down any info online so far.
To make matters worse, if GSSAPI authentication fails, Adium 1.2b7
delays and tries again; it doesn't fall back to password-based
authentication.
Ken
More information about the Wocky
mailing list