[Wocky] Adium and GSSAPI

Ken Raeburn raeburn at MIT.EDU
Mon Dec 31 05:56:13 EST 2007


On Dec 28, 2007, at 00:03, I wrote:
> It looks like Adium 1.2 is likely to support GSSAPI authentication  
> to the Jabber server.  [...]

Now 1.2b7 is out, and it has some of the problems fixed.  However, I  
can't authenticate to the mit.edu jabber server at all now!  It's  
trying to get credentials to xmpp/web.mit.edu, presumably because  
it's mapping mit.edu to 18.7.22.69 to web.mit.edu somewhere, possibly  
in the Kerberos support (a known and long-standing issue), possibly  
elsewhere.  That service doesn't exist in our database, so the  
authentication attempt fails.

I'm also not 100% sure whether xmpp/mit.edu (based on the user- 
supplied account name) or xmpp/jabber.mit.edu (based on the name of  
the server actually in use, which is looked up insecurely in DNS SRV  
records) is the correct name to use.  It looks like Athena's gaim  
uses the latter; is that what the spec says?  I vaguely recall some  
discussion on this point long ago, but I don't remember the details  
and haven't managed to track down any info online so far.

To make matters worse, if GSSAPI authentication fails, Adium 1.2b7  
delays and tries again; it doesn't fall back to password-based  
authentication.

Ken



More information about the Wocky mailing list