
Openfire Spark in Win 7 SSO works only when run as administrator


Hi there! I’m new to XMPP, but thanks to your brilliant forum and finest advice I have already rolled out in production a couple of Openfire servers (Linux VMs) in different domains with 300+ Spark clients (Windows and Linux, VM and bare-metal).
S2S connection works fine, as well as SSO authorization on all Linux hosts. But alas, I can’t manage to run Spark with SSO either on Win7 hosts or on Win2012R2 terminal servers. Unfortunately I may not run Spark with administrator privileges due to IT security policies, thus Windows users have to authorize themselves with username-password :frowning:
I’ve read a lot of articles about the matter, for example:

And a lot more, from this forum. I’m a new user here so I can’t add a lot of links :blush:

I’ve created the AllowTGTSessionKey registry key - without it Spark had refused to start using SSO even as administrator.
I’ve tried putting krb5.ini in C:\Windows\ - but I believe there is no use in it, because the host is in the domain and Spark starts using SSO as administrator well enough.
I’ve made some changes in Group Policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options, "Network security: Configure encryption types allowed for Kerberos" - I’ve set different sane combinations of check-boxes :slight_smile:
I’ve tried replacing Spark’s native JCE files with a downloaded JCE.

The only thing I haven’t tried yet is to set a CNAME for my Openfire servers - is there any real practical use in an alias other than usability?

I’ve already run out of ideas. Any help will be highly appreciated!!
Spark version is 2.8.3

Openfire version is 4.2.3