Feature Request: In our environment, users must change there active directory account passwords every 30 days. It would be so helpful if there was an option to have spark auto-logon with the current windows credentials, such that when a user changed their active directory account password, no change would have to be made in Spark.
Perhaps not many people see this as an important feature, or I didnt explain myself clearly.
Let me restate:
An option to automatically logon to spark with the current logged-in windows credentials would be nice. This would allow people in a Windows Active Directory environment to use the existing automatic logon (remember username and password) without having to change their password in Spark when their domain account password has changed.
Let me add that I think this product in conjuction with wildfire is the best OSS corporate IM solution available. It is probably only a few dev cycles and feature updates away from being truly enterprise ready.
I would also love to see this feature. I have integrated LDAP authentication with Active Directory and having Spark be truely single sign-on would be amazing.
Well it seems that this topic has some users excited, but no posts from any devs or mods? Is this something we can hope will be considered for a future release or no?
Thanks for the response. I agree, if it’‘s not secure or opens up some vulnerability, it’'s not worth it. Ill wait to hear what you come up with. Thanks again!
Im working on a way to have Wildfire use GSSAPI authentication (read: Kerberos 5). Since Windows AD basicly uses the same API as Kerberos, it should be fairly simple to get working in a windows envionment once Kerberos support is there. However, since Spark is not Open Source, I wont be able to put the modifications into Spark out there. I will be putting together some sample Java apps that demonstrate how to do this correctly, so when I get that done hopfully the Jivesoft guys can integrate it (They are always quick, Im sure it wont be a problem)
For those worried about security, GSSAPI/Kerberos logins are secure. Far more secure than the current methods used, as no form of the user’'s password ever crosses the network. I can provide references if anyone wants more detail as to why.