I have a bit of a unique setup going. I manage the networks for multiple companies, and these networks are primarily thin client based. Both are using Server 2003 64-bit. I have Openfire and Spark installed on one of the networks without SSO being enabled, but would like to implement SSO. The 2nd network I am working on bringing online with SSO from day one.
Here is the rundown:
Openfire 3.6.2 installed on the SBS 2003 R2 Domain Controller backed by SQL 2005 Express
Spark 2.6.0 beta 2 with jre on a 2003 R2 Standard x64 server running as a terminal server
I followed the SSO tutorial found at http://www.igniterealtime.org/community/docs/DOC-1060 with one exception: because Spark crashes when you try to use the Advanced button, I used a spark.properties file (attached).
With all of the files in place, Spark will not start and I get a dump file (attached).
I have found that if I remove the krb5.ini (attached) file from the %userprofile%\Windows folders (remember, this is a terminal environment, it is not seen when it is in the C:\Windows folder)
I have an SSO setup and it’s working, but I am not using a term server. I have a 2003 virtual machine on which I just now, for this test, installed term server with secured mode (instead of relaxed security) and installed my custom install. It worked as an admin but wouldn’t do anything for any other user. I added permissions on the Spark folder and now it works for ordinary users. I do have one big difference in my spark.properties file. I have the following lines (with my info removed):
Does x64 have any effect in this scenario besides a different JVM? I know the OS will be an x64 build but I wouldn’t think that would make a difference.
Have you tried putting the krb5.ini in the c:\windows directory? I do not see why this would not work even in a TS server. The clients can see the screen savers and other such files in the windows directory. If this is not true please elaborate on why TS servers are different so I can learn something new.
When I set up my VM as a term server, it had 2 default options for how to restrict users; I chose the most restrictive. When I installed my Spark build I put the krb.ini in c:\windows\ and it works just fine.
When running in a multi-user environment like on a TS server, user-specific settings (such as .ini files you would normally find in the c:\windows folder) are kept in the %userprofile%\windows folder so users can have individual settings. While a user may be able to access screensavers, etc., in the windows folder, some setting information is kept in the profile folder.
The attached error log shows Spark looking in the %userprofile%\windows folder for the krb5.ini file. When this log was produced, the krb5.ini file was in the c:\windows folder.
On a properly configured TS server this is true whether Permission Compatibility is set to relaxed or full. I have tested Spark with the server in both full and relaxed permission compatibility with the same results.
Spark will not use the 64 bit jvm.dll file thus some of the limited capabilities when using Spark on a 64 bit OS. error.log (2492 Bytes)
What if you put the krb.ini back in the %userprofile%\windows directory and make sure that user has permissions, and then use the change I suggested in your spark.properties?
OpenFire installed on a member 2003 Server connecting to the AD, called central
The AD server is zeus.
I have followed the SSO instructions mentioned above.
I have set up a generic XP workstation for testing, with the krb5.ini in the Windows directory.
When I launch Spark I get the following:
From OpenFire:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Program Files/Openfire/resources/xmpp.keytab refreshKrb5Config is false principal is xmpp/zeus.tbnohio.local@TBNOHIO.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal’s key obtained from the keytab
Acquire TGT using AS Exchange
[Krb5LoginModule] authentication failed
Identifier doesn’t match expected value (906)