GSSAPI does not work in Openfire 4.8

After upgrading from version 4.7.8 to version 4.8, GSSAPI stopped working.
Clients are not connecting to the server.

Is there any indication in the log files that could help diagnose this problem?

When the client is connected, nothing is written to the log files.
If you specify the login and password in the client settings, the connection is successful, but with transparent authorization the client does not connect.
Openfire log in attachment.
openfire.log (139,8 KB)

Which client are you using? Is this in a Windows environment?

For fun, I quickly set up SSO in my vanilla lab.
Using the following:
Windows Server 2022 Domain Controller: On-Prem Active Directory only (NO Azure AD)
Windows Server 2019 running Openfire 4.8 using Adoptium OpenJDK 21
Windows 10 Pro running Spark 3.0.2 using Adoptium OpenJDK 21
Created a keytab using AES256

Results: GSSAPI/SSO worked as expected.

I have this configuration:
Windows Server 2008 Domain Controller
CentOS 7 running Openfire 4.8 using OpenJDK 21
Windows 10 Pro running Miranda NG
Created a keytab using AES256

GSSAPI does not connect.
Initially the key was without encryption; the result is the same.

I just tested with Miranda NG and it works as well. Sounds like there may be something odd with your setup. Are there any clues in the logs?

netlog_error.txt (5,7 KB)
netlog_ok.txt (1,1 MB)
In the attachment are 2 logs:
netlog_ok - when connecting to Openfire 4.7.5
netlog_error - when connecting to Openfire 4.8.0
Both servers are configured identically, only in Openfire 4.7.5 the keytab files are without encryption.
On Openfire 4.8 without encryption, it also does not connect.

I noticed that you are connecting to a different IP. Do you have the correct DNS records and PTR records?

I also see this:

[10:05:23 1DD4] Security error 0x80090303 on line 334 (Указано неизвестное расположение или оно недоступно)