powered by Jive Software

Pidgin as Windows SSO client

I’ve got Openfire and Spark working together just fine in a single-sign-on setup finally. I’m trying to get Pidgin to work now instead of Spark as a SSO client (it works fine as a regular auth/non-GSSAPI client). People keep mentioning that it’s possible but nobody has explained how.

There’s no explicit SSO XMPP option inside of Pidgin, so I can only assume that it’s just supposed to work. The only useful debug output from Pidgin I see is:

(16:01:59) sasl: Mechs found: GSSAPI
(16:01:59) sasl: No worthy mechs found

Why is it not worthy? I hear Pidgin already has Cyrus-SASL support compiled in. Is something else needed? Extra undocumented settings in accounts.xml??

/daikichi

I think you should ask this on Pidgin forums.

do you have the xmpp.fqdn property set? I’ve read that pidgin requires this.

SSO is a client based issue. This should be directed to the developers of pidgin.

Yes, I have xmpp.fqdn set. I realize that this is a client issue, but I’m sure somebody here is using Pidgin or some other non-Spark client for Windows SSO…anyone?

I was able to get this solved via the Pidgin mailing list:

Download and install MIT Kerberos for Windows. It runs netidmgr in the background which should work immediately if you already have c:\windows\krb5.ini there. As long as KfW is running, Pidgin works fine without any special config. Just create your XMPP account and leave the password field blank.

Hope this might help someone else.

/daikichi