Robin Redeker wrote: > Hi! > > > I've received a bugreport for my Perl module AnyEvent::XMPP recently, > that says that I should not pass the domain of the JID as service hostname > to SASL (and later the GSSAPI mechanism). > > Then I've been trying to figure out how the JID is mapped to the service > hostname of the XMPP server for GSSAPI authentication, bringing me to the > conclusion that the RFC 3920 (bis) doesn't say much about the _hostname_ > of the service.
RFC 3920 (or rfc3920bis) doesn't get into the details of particular SASL mechanisms. As far as I know, GSSAPI is the only SASL mechanism that uses the service hostname -- the other mechanisms tend to accept only the username portion of the JID (or a certificate that contains the JID). > So here my question to the broad mass of developers: How should I determine > the hostname of the service I'm authenticating with? As we discussed in the jdev room yesterday, I think you would use the machine-name that you discovered via SRV lookup: http://logs.jabber.org/[email protected]/2009-01-14.html#16:01:06 > I also wonder which server supports GSSAPI mechanims, so that I can > test implementation. It's not the most popular SASL mechanism because not that many organizations deploy Kerberos. Peter _______________________________________________ JDev mailing list Forum: http://www.jabberforum.org/forumdisplay.php?f=20 Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________
