SSO (Single Sign On) configuration changes since Spark 2.8.0

For those who are using SSO (Single Sign On): Spark 2.8.0 may require an update to your keytab file if you are using SRV records. You will need to add an SPN for the host name in that SRV record and then recreate the keytab file.

Example: if your XMPP domain is igniterealtime.org, your SRV record might be xmpp.igniterealtime.org.

Review current SPN:

setspn -L keytab (where keytab is the name of the AD user account the keytab was created for)

Output:

Registered ServicePrincipalNames for CN=keytab,CN=Users,DC=domain,DC=local:

xmpp/igniterealtime.org

xmpp/igniterealtime.org@DOMAIN.LOCAL

Add SPNs for the SRV record host (with and without the realm):

setspn -S xmpp/xmpp.igniterealtime.org keytab

setspn -S xmpp/xmpp.igniterealtime.org@DOMAIN.LOCAL keytab

Review SPN again:

setspn -L keytab

Output:

Registered ServicePrincipalNames for CN=keytab,CN=Users,DC=domain,DC=local:

xmpp/igniterealtime.org

xmpp/xmpp.igniterealtime.org

xmpp/xmpp.igniterealtime.org@DOMAIN.LOCAL

xmpp/igniterealtime.org@DOMAIN.LOCAL

Review the gss.conf file in your …\openfire\conf folder:

Locate the principal and keytab filenames, e.g. principal="xmpp/igniterealtime.org", keytab="C:/openfire/resources/xmpp.keytab"

Recreate your keytab using the principal and keytab filename found above (the principal gets the realm appended):

ktpass -princ xmpp/igniterealtime.org@DOMAIN.LOCAL -mapuser keytab@domain.local -crypto all -pass * -ptype KRB5_NT_PRINCIPAL -out xmpp.keytab

Replace the keytab in …\openfire\resources\ with the new keytab file.

Restart Openfire.

Note: the new setting should still be compatible with Spark 2.7.x versions.
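The check below is an added example, not part of the original post or of Openfire/Spark: a PowerShell script that verifies the account already carries all four SPNs from the steps above (parsing the output of setspn -L), reads principal and keytab from gss.conf, and prints the exact setspn -S and ktpass commands still needed so you can compare them against the ones in this post before running anything. The account name, domain, SRV host and realm default to the values used on this page; the gss.conf path and the regex for its principal/keytab entries are assumptions.

```powershell
param(
    [string]$Account    = 'keytab',                  # AD account holding the SPNs (from the post)
    [string]$XmppDomain = 'igniterealtime.org',      # XMPP domain (from the post)
    [string]$SrvHost    = 'xmpp.igniterealtime.org', # host name in the SRV record (from the post)
    [string]$Realm      = 'DOMAIN.LOCAL',            # Kerberos realm (from the post)
    [string]$GssConf    = 'C:\openfire\conf\gss.conf' # assumed Openfire install path
)

# SPNs that must exist after the change: domain form and SRV-host form, each with and without realm.
$required = @(
    "xmpp/$XmppDomain", "xmpp/$XmppDomain@$Realm",
    "xmpp/$SrvHost",    "xmpp/$SrvHost@$Realm"
)

# Parse 'setspn -L' output: SPN lines are indented and look like service/host, the header line is not.
$registered = & setspn.exe -L $Account 2>&1 |
    ForEach-Object { $_.ToString().Trim() } |
    Where-Object { $_ -match '^[A-Za-z]+/' }

$missing = $required | Where-Object { $registered -notcontains $_ }

if ($missing) {
    Write-Host "Missing SPNs on $Account (setspn -S also refuses to create a duplicate SPN):"
    $missing | ForEach-Object { Write-Host "  setspn -S $_ $Account" }
} else {
    Write-Host "All required SPNs are registered on $Account."
}

# Pull principal and keytab path from gss.conf so the ktpass command matches what Openfire expects.
if (-not (Test-Path $GssConf)) {
    Write-Warning "gss.conf not found at $GssConf"
    return
}
$conf      = Get-Content $GssConf -Raw
$principal = [regex]::Match($conf, 'principal\s*=\s*"([^"]+)"').Groups[1].Value
$keytab    = [regex]::Match($conf, 'keytab\s*=\s*"([^"]+)"').Groups[1].Value
if (-not $principal -or -not $keytab) {
    Write-Warning "Could not find principal/keytab entries in $GssConf"
    return
}
Write-Host "gss.conf principal: $principal   keytab: $keytab"
Write-Host "Recreate the keytab with (prompts for the account password, then copy the file over $keytab):"
$outFile = Split-Path $keytab -Leaf
Write-Host "  ktpass -princ $principal@$Realm -mapuser $Account@$($Realm.ToLower()) -crypto all -pass * -ptype KRB5_NT_PRINCIPAL -out $outFile"
```

Run it from an elevated PowerShell on a domain-joined machine with the RSAT tools (setspn.exe/ktpass.exe) installed; it only reads and prints, so the account and keytab are not changed until you run the printed commands yourself.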