I’'m having trouble getting GSSAPI to work. The server is RHEL5 with openfire-3.3.2-1.i386.rpm and JCE policy distribution from java.sun.com and the client is RHEL4 with the latest Pidgin release.
But I can’'t even get as far as getting openfire to read my gss.conf file. Both an strace -f -o log and the “stat” command clearly shows that the file is never read by openfire at all.
Snippets from my openfire.xml:
I can’'t find any permissions problems either. Any suggestions on how I can get the server to find my gss.conf file?
The file wont get read until the the client sends a GSSAPI auth packet- so make sure Pidgin is really trying GSSAPI. Turn on the debug window and watch the traffic. To get Pidgin to work with GSSAPI, you need to have the cyrus sasl library installed. Often the MIT and HEIMDAL GSSAPI libs for cyrus are packaged seperately, so make sure you have those installed.
As a side note, EXTERNAL auth for clients is broken, so you might want to pull that out. . I dont know of any clients that implement it currently (Im sure there are some, though), but if they do try to use it it will just puke. I hope to get this fixed someday soon (along with support for it in Spark)