powered by Jive Software

Openfire FreeBSD SSO keytab config fix

Hi to all!
I just finished migrating Openfire server from Virtualbox to FreeBSD jail. And I faced with keytab problem. Again. I forgot password from openfire user. It meant that I should generate new password and keytab. And started. Damned 10 hours, during which I tried all, that can be able to inventing and find. However, at the end I found message in logs that “…no valid credentials provided…”. Some googling and at first glance something off topic
At first glance.
Because adding to krb5.conf in [libdefaults] line:

default_keytab_name = /usr/local/share/java/openfire/resources/xmpp.keytab

And changing header of gss.conf to:

com.sun.security.jgss.initiate

with adding inside of block:

useTicketCache=false

Was fully solved problem with keytab. Which now can be generating on Samba DC with fully default functions. Below I leave full krb5.conf and gss.conf, that I using now and hope, that this information will save any time to anybody.

gss.conf (303 Bytes)
krb5.conf (364 Bytes)