[Wocky] Adium and GSSAPI
Ken Raeburn
raeburn at MIT.EDU
Sun Jan 6 06:00:08 EST 2008

Okay, it looks like 1.2 has been released, and I didn't have time to
get some fixes made and submitted. So, here are my observations:

* By default, strict certificate checking is on for Jabber servers.
  It'll complain about mit.edu because it has a self-signed cert.
  There is an account option to disable the strict checking, but of
  course better would be to get server certificates signed by the MIT
  CA and get the MIT CA into people's trusted servers.

* If a "connect server" of jabber.mit.edu is specified for an mit.edu
  Jabber account, then GSSAPI authentication will fail. Unfortunately,
  in this case, it doesn't fall back to password authentication. So
  you need to remove the connect server, if you have one listed. (Note
  that IS&T's current recommended settings for Adium include the
  connect server.)

* There's a bug in the old version of the OpenFire server running on
  jabber.mit.edu -- Greg knows the details -- which causes session
  establishment to fail even though GSSAPI authentication succeeded.
  Then, Adium falls back to password authentication, but for some
  reason it doesn't seem to be working for me. I'm not sure if this is
  related to the OpenFire issue or something new.

* The Zephyr support has been compiled without Kerberos support, and
  is therefore useless; it cannot talk to the MIT servers.

So, my recommendation (unofficial, not endorsed by IS&T, caveat
emptor, your mileage may vary, no lifeguard on duty, etc, etc) is:
Don't even bother right now.

Ken