Hello,
I have read a lot of messages on this forum and I still have an SSO issue with Openfire that I can’t resolve.
I tried with both Spark and Pidgin (WinXP) and the problem is the same: when I try to authenticate, Openfire 3.7.1 (hosted on WinXP SP2 with Java 1.6.0_31-b05) returns the following packet:
On the server side, nothing is reported in error.log, warn.log and debug.log.
The only thing logged is the following line in info.log:
2012.05.03 10:33:03 org.jivesoftware.openfire.net.SASLAuthentication - User Login Failed. Failure to initialize security context
The Openfire window reports the following lines:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:/Openfire/conf/xmpp.keytab refreshKrb5Config is false principal is xmpp/myserver.mydomain.fr@MYDOMAIN.FR tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal’s key obtained from the keytab
Acquire TGT using AS Exchange
principal is xmpp/myserver.mydomain.fr@MYDOMAIN.FR
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 3E D5 5C 8C FF 4B 45 67 CC DC 57 30 6E 51 FB C2 >…KEg…W0nQ…
Added server’s keyKerberos Principal xmpp/myserver.mydomain.fr@MYDOMAIN.FRKey Version 6key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 3E D5 5C 8C FF 4B 45 67 CC DC 57 30 6E 51 FB C2 >…KEg…W0nQ…
[Krb5LoginModule] added Krb5Principal xmpp/myserver.mydomain.fr@MYDOMAIN.FR to Subject
Commit Succeeded
I tried with the keytab generated by ktpass and ktab; the problem is still here
I have checked my keytab with the kinit utility (returns no error)
I have double checked my gss.conf and krb5.ini
Time between openfire host and kdc is synchronized
reverse DNS for myserver.mydomain.fr is OK
xmpp.fqdn = myserver.mydomain.fr
sasl.mechs = GSSAPI
sasl.realm = MYDOMAIN.FR
xmpp.domain = myserver.mydomain.fr
My KDC is an AD Controller hosted on win 2k3 server R2
Any help would be greatly appreciated.
Thank you
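A cross-check of the values quoted in the post above, as an added example that is not part of the original post or of Openfire: it parses the Krb5LoginModule debug line and compares it with the listed Openfire properties. The function names are hypothetical, and the rules applied (service name `xmpp`, host equal to `xmpp.fqdn`, realm equal to `sasl.realm`, keytab-backed stored key) are assumptions about what must agree for a GSSAPI acceptor.

```python
import re

# Constructed sample: debug line and properties copied from the post above.
DEBUG = (
    "Debug is true storeKey true useTicketCache false useKeyTab true "
    "doNotPrompt true ticketCache is null isInitiator true "
    "KeyTab is C:/Openfire/conf/xmpp.keytab refreshKrb5Config is false "
    "principal is xmpp/myserver.mydomain.fr@MYDOMAIN.FR tryFirstPass is false"
)
PROPS = {"xmpp.fqdn": "myserver.mydomain.fr", "sasl.mechs": "GSSAPI",
         "sasl.realm": "MYDOMAIN.FR", "xmpp.domain": "myserver.mydomain.fr"}

def parse_debug(line):
    """Extract the JAAS options that Krb5LoginModule echoes when debug=true."""
    opts = {}
    for key in ("storeKey", "useTicketCache", "useKeyTab", "doNotPrompt"):
        m = re.search(rf"\b{key} (true|false)\b", line)
        if m:
            opts[key] = m.group(1) == "true"
    for key, label in (("keyTab", "KeyTab is"), ("principal", "principal is")):
        m = re.search(rf"\b{label} (\S+)", line)
        if m:
            opts[key] = m.group(1)
    return opts

def check(opts, props):
    """Return mismatches between the JAAS login options and the server properties."""
    m = re.fullmatch(r"([^/@]+)/([^/@]+)@([^/@]+)", opts.get("principal", ""))
    if not m:
        return ["principal is not of the form service/host@REALM"]
    service, host, realm = m.groups()
    problems = []
    if service != "xmpp":
        problems.append(f"service name is {service!r}, expected 'xmpp'")
    if host.lower() != props.get("xmpp.fqdn", "").lower():
        problems.append("principal host differs from xmpp.fqdn")
    if realm != props.get("sasl.realm"):  # realm names are case-sensitive
        problems.append("principal realm differs from sasl.realm")
    if not (opts.get("useKeyTab") and opts.get("storeKey")):
        problems.append("acceptor needs useKeyTab=true and storeKey=true")
    if "GSSAPI" not in props.get("sasl.mechs", "").split(","):
        problems.append("GSSAPI is not listed in sasl.mechs")
    return problems

if __name__ == "__main__":
    print(check(parse_debug(DEBUG), PROPS) or "no mismatches found")
```

For the values as posted this reports no mismatches, which is consistent with the "Commit Succeeded" line: the server-side keytab login works, so these settings are not where the values disagree.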