Ive been toying with GSSAPI auth and am making progress, but not there quite yet.
The code in SASLAuthentication is well suited for GSSAPI already, just need to know when to advertise it. For my purposes, I just have it always advertise GSSAPI before PLAIN.
The first problem is that Java needs to know how/where to find the Kerberos information. In the sample app’'s Sun provides, you do this on the commandline and with a config file like so:
java -Djava.security.auth.login.config= SampleServer
Then in that file you speicify the options you want:
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required storeKey=true keyTab="/etc/jabber.keytab" doNotPrompt=true useKeyTab=true realm=“EXAMPLE.COM” principal=“xmpp/hostname.example.com@EXAMPLE.COM” debug=true;
};
With my lack of java experience I dont know how to specify these things elsewhere- like in the wildfire config. For now Ill just add it to the commandline on the start. So, if anyone knows how to supply those config details via another means, Im interested in hearing.