-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 5/10/13 8:47 AM, Matt Miller wrote: > > On May 10, 2013, at 8:29 AM, Alexander Gnauck > <[email protected]> wrote: > >> currently I have some issues with the kerberos principal in >> GSSAPI SASL authentication. What is the correct way for building >> the kerberos principal for authentication in the client? >> >> 1) xmpp/xmppdomain@realm 2) xmpp/hostname@realm >> >> with hostname I mean the host we are connecting the TCP socket >> to according to SRV lookups. >> >> I have tested only on Cisco XCP and M-Link yet. XCP puts the >> kerberos principal in a special attribute which is nice and it >> looks like Mink wants the hostname here and not the xmpp domain. >> > > We tried to address this with domain principals > (<service>/<host-for-domain>/<domain>@REALM) and [XEP-0233], but > that as gone deferred. I think there was one implementation each > (client, server) but I've lost track of them. I'd be happy to help > move that to draft if there is interest.
+1 on moving it forward. Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.19 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRjQ5VAAoJEOoGpJErxa2p4FYP/ApeOiQpZ9bA/EgU8HKXl0hY mUbyAkqG9aTD8BW6+ez4wmFieY7FJgFafINZZvkAPeyZbX3kAdyszfr8ga6x6byC idJKRwWaYe9QDrTa8Wp04+ofjuCHHt5FLDr1L2igDmszT6NdI4WxAoFNw/gEJi6a VtbLKCPVpWSwvMzB5MVwV+dYC4A7Puh9eWQ/IHMrJBUytktLqiMDIrGL9PRuCSJ0 p/4nX9l8rC5ixu2HXdOO5B45/+kSsGMj/R/X+IOQ+bYS/dVOgv8HL64tdQsNsHe+ Vnd/d0r6U88VdhMKon0nB0jztdQcUMZrOoaBhKMtuOCK0IhMTvVRspPUf0QDss+l HEVFrXcJtHdC+Pq5iweTfy6GGpK2RMuGk4YzPwGID/AqYoZKGv4uBNcL2czid23L LDEtjjGaZoUBXi1WnLJ+RrJPlaQq+1VsMUmG5qcvG9nV2/i7RKpZOkIgaL6hXPh+ DIQOuQ7U5HAndtOXY95r/6yjD9TJ7eSZfRKjdPFtZffrNwDq4snTE9AXB5WRKpvw nOTeF0b7PYNMpwQjJB8hPPxomfCEtfcmobhsX/ZwAISBo1VHajBThYQlzJYtf+da C79RHo6V5DxrusemhHyFQFjuqKgxRIh6TvUjAGCEQV2JFCG4OCl4QIP0HGNpEeJB PEphwwgN0IbDhj79z38w =eyK3 -----END PGP SIGNATURE-----
