powered by Jive Software

GSSAPI Only in an LDAP environment


I have my Openfire Server using LDAP (Active Directory) and Kerberos SSO. Currently users can loginto my Openfire server either via SSO or by entering their credentials. I would like to configure my Openfire server to only allow Kerberos SSO logins.

I’ve been able to accomplish this by leaving GSSAPI as the only advertised sasl mechanism and by removing <className>org.jivesoftware.openfire.ldap.LdapAuthProvider</className& gt; from the <provider><auth> section of openfire.xml leaving <classList>org.jivesoftware.openfire.sasl.LooseAuthorizationPolicy</cl assList> as the only entry for <provider><auth>.

The side effect is that I cannot log into the administration web console in this configuration.

Is there any way to allow only Kerberos SSO logins via jabber clients but still allow LDAP authentication to the web admin page?

BTW: I’m using the latest Openfire (3.3.3) release.

In 3.4.0 you can disable non-sasl authentications to accomplish this. (set the property xmpp.auth.iqauth to false)

So I should just hold my horses until 3.4.0 is released?