On 02/09/2012 07:24 AM, Dale Macartney wrote:
> Hey Erin
> that would be fantastic, thanks very much.
> I have to admit, i had a bit of a chuckle re: your comment of kerberos
> acting in the event of no password. I would have *never* thought of that
> haha.
> Dale
> On 02/09/2012 04:01 PM, Erinn Looney-Triggs wrote:
>> On 02/09/2012 06:48 AM, Dale Macartney wrote:
>>> Morning all
>>> I have a working setup of ejabberd authenticated to pam on an IPA client
>>> which works great.. However, unlike my other projects to provide
>>> details of integration with IPA, I am struggling with the SSO aspect of
>>> it, simply because of a lack of knowledge of jabber packages. (Currently
>>> I have used ejabberd and pidgin for testing, and from an end user view
>>> point, there doesn't appear to be an option to select kerberos to
>>> authenticate with).
>>> My goal, like other services is to tap *a* jabber service (can be
>>> anything) into ipa for single sign on.
>>> What is the general feeling in the community around jabber in the
>>> enterprise? (Useful or not? Best practices?)
>>> What is your preferred jabber software (server and client would be handy
>>> to know for testing) and why?
>>> Does it support GSSAPI?
>>> Many thanks
>>> Dale
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Dale,
>> I built a setup using openfire (the IM server) that utilized kerberos.
>> It is slightly tricky unfortunately, kerberos has been the realm of
>> universities and big business for a long time so a lot of things are not
>> straight forward.
>> Pidgin does natively support kerberos so you can use that easily, the
>> way to use kerberos in pidgin is simply not to provide it with any
>> password info, it will try kerberos in the process. This works both on
>> windows (using kfw) and linux systems, probably macs too, but I have
>> never tested it on macs.
>> I will see if I can dig up some notes from configuring openfire.
>> -Erinn

Basically the best notes that I have come from here:

The instructions are terse and it is a bit of a slog.

Pay particular attention to the custom jar file that comes from MIT, you
need to edit this to set your realm in there.


Attachment: signature.asc
Description: OpenPGP digital signature

Freeipa-users mailing list

Reply via email to