Openfire, MIT Kerberos (I've done it elsewhere with Heimdal) and OpenLDAP, with the Cyrus saslauthd daemon to allow plain text logins.
This link was incredibly helpful for getting saslauthd to comply; http://www.semicomplete.com/articles/openldap-with-saslauthd/ GSSAPI and plain text logins work off the same password. As Russ Allberry pointed out in the other sub thread, this is not the best policy, so all the non-SSL channels, XMPP or otherwise, are disabled. (If this was for a company, rather than a personal domain, I'd probably do things slightly differently.) Cheers, Edward On Mon, 2009-11-30 at 10:25 +0100, Oliver Schmidt wrote: > Hi, > > I'm currently trying to setup an XMPP server with Kerberos 5 > authentication. I've been using eJabberd 2.0.5 with username/password > authentication for a while. Now, I would like to use Kerberos in order to > make my services more comfortable with SSO. > > Unfortunately, I failed using an GSSAPI patch for eJabberd together with > my Kerberos system. After that, I tried using Openfire, which didn't work > out for me either. Now, that I've read about that institution-wide XMPP > service the MIT offers, I know that XMPP _must_ work with Kerberos > somehow. Can you tell me how you set it up and, respectively, which > software you did use? > > Thank you in advance! > > Yours > > O. Schmidt > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
