Edward Murrell <[email protected]> writes: > GSSAPI and plain text logins work off the same password. As Russ > Allberry pointed out in the other sub thread, this is not the best > policy, so all the non-SSL channels, XMPP or otherwise, are disabled.
We were very pleasantly surprised at how universal both GSSAPI and TLS support are in current XMPP clients. We were expecting requiring one or the other to be a big hassle, but we require both and haven't had many serious problems. http://im.stanford.edu/ has our user documentation, in case anyone finds it useful. We're running OpenFire as the server. (It has some serious issues and I'd rather run something else, but the GSSAPI support at least is fairly good. Even if it gets horribly confused by unqualified principal names in places and then starts throwing Java exceptions.) -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
