I’ve got Openfire and Spark working together just fine in a single-sign-on setup finally. I’m trying to get Pidgin to work now instead of Spark as a SSO client (it works fine as a regular auth/non-GSSAPI client). People keep mentioning that it’s possible but nobody has explained how.
There’s no explicit SSO XMPP option inside of Pidgin, so I can only assume that it’s just supposed to work. The only useful debug output from Pidgin I see is:
(16:01:59) sasl: Mechs found: GSSAPI
(16:01:59) sasl: No worthy mechs found
Why is it not worthy? I hear Pidgin already has Cyrus-SASL support compiled in. Is something else needed? Extra undocumented settings in accounts.xml??
Yes, I have xmpp.fqdn set. I realize that this is a client issue, but I’m sure somebody here is using Pidgin or some other non-Spark client for Windows SSO…anyone?
I was able to get this solved via the Pidgin mailing list:
Download and install MIT Kerberos for Windows. It runs netidmgr in the background which should work immediately if you already have c:\windows\krb5.ini there. As long as KfW is running, Pidgin works fine without any special config. Just create your XMPP account and leave the password field blank.