[31737] in Kerberos
Re: XMPP & Kerberos 5
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Nov 30 16:04:24 2009
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <1259613946.6527.39.camel@entropy> (Edward Murrell's message of
"Tue, 01 Dec 2009 09:45:46 +1300")
Date: Mon, 30 Nov 2009 13:03:51 -0800
Message-ID: <87pr6zzpvs.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Edward Murrell <edward@murrell.co.nz> writes:
> GSSAPI and plain text logins work off the same password. As Russ
> Allberry pointed out in the other sub thread, this is not the best
> policy, so all the non-SSL channels, XMPP or otherwise, are disabled.
We were very pleasantly surprised at how universal both GSSAPI and TLS
support are in current XMPP clients. We were expecting requiring one or
the other to be a big hassle, but we require both and haven't had many
serious problems.
http://im.stanford.edu/ has our user documentation, in case anyone finds
it useful. We're running OpenFire as the server. (It has some serious
issues and I'd rather run something else, but the GSSAPI support at least
is fairly good. Even if it gets horribly confused by unqualified
principal names in places and then starts throwing Java exceptions.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
