On 02/09/2012 07:24 AM, Dale Macartney wrote:
> 
> Hey Erin
> 
> that would be fantastic, thanks very much.
> 
> I have to admit, i had a bit of a chuckle re: your comment of kerberos
> acting in the event of no password. I would have *never* thought of that
> haha.
> 
> Dale
> 
> 
> 
> On 02/09/2012 04:01 PM, Erinn Looney-Triggs wrote:
>> On 02/09/2012 06:48 AM, Dale Macartney wrote:
>>>
>>> Morning all
>>>
>>> I have a working setup of ejabberd authenticated to pam on an IPA client
>>> which works great.. However, unlike my other projects to provide
>>> details of integration with IPA, I am struggling with the SSO aspect of
>>> it, simply because of a lack of knowledge of jabber packages. (Currently
>>> I have used ejabberd and pidgin for testing, and from an end user view
>>> point, there doesn't appear to be an option to select kerberos to
>>> authenticate with).
>>>
>>> My goal, like other services is to tap *a* jabber service (can be
>>> anything) into ipa for single sign on.
>>>
>>> What is the general feeling in the community around jabber in the
>>> enterprise? (Useful or not? Best practices?)
>>> What is your preferred jabber software (server and client would be handy
>>> to know for testing) and why?
>>> Does it support GSSAPI?
>>>
>>> Many thanks
>>>
>>> Dale
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
>> Dale,
>> I built a setup using openfire (the IM server) that utilized kerberos.
>> It is slightly tricky unfortunately, kerberos has been the realm of
>> universities and big business for a long time so a lot of things are not
>> straight forward.
> 
>> Pidgin does natively support kerberos so you can use that easily, the
>> way to use kerberos in pidgin is simply not to provide it with any
>> password info, it will try kerberos in the process. This works both on
>> windows (using kfw) and linux systems, probably macs too, but I have
>> never tested it on macs.
> 
>> I will see if I can dig up some notes from configuring openfire.
> 
>> -Erinn
> 
> 

Basically the best notes that I have come from here:
http://itlab.stanford.edu/blog/archives/2009/test-services/openfire-and-kerberos-implementation-notes

The instructions are terse and it is a bit of a slog.

Pay particular attention to the custom jar file that comes from MIT, you
need to edit this to set your realm in there.

-Erinn


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to