EXTERNAL c2s auth (almost)

Ive modified (with some help from Gato) openfire to handle EXTERNAL auth for c2s connections (its in trunk if you want to see). The problem so far is clients- Smack dosnt handle EXTERNAL auth correctly, thus neither does Spark. That makes it a bit harder to test things. Ive found tkabber correctly handles sending client certificates on SSL/TLS connections, and was easy enough to modify to deal with EXTERNAL auth. The problem is, after a successful authentication, the connection gets dropped.

Gato: this is mostly for you, but anyone else might have some insight is welcome to chime in.

How do I go about tracking this problem down? There is nothing in the logs after the successful auth.