[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
jabberd2 sasl auth with gsasl, gss and shishi
From: |
Andrés More |
Subject: |
jabberd2 sasl auth with gsasl, gss and shishi |
Date: |
Tue, 1 Nov 2011 12:23:06 -0300 |
Hi,
I'm trying to put together latest versions of jabberd2, gsasl, gss and shishi.
I would like to authenticate XMPP clients accessing Jabberd2 thru Kerberos.
http://ftp.gnu.org/gnu/shishi/shishi-1.0.0.tar.gz
http://ftp.gnu.org/gnu/gss/gss-1.0.1.tar.gz
http://ftp.gnu.org/gnu/gsasl/gsasl-1.6.1.tar.gz
I've manually compiled all the stuff, 'make check' is passing
everywhere [1], I've setup a shisa DB and I can use shishi to get
tickets as expected. However when trying to use Jabberd2 SASL it won't
list GSSAPI or GS2-KRB5 as available mechanisms.
I think I've isolated the issue by using the gsasl command [2]. It is
not listing GSSAPI when asking for --server-mechanisms. I've tried to
follow the code callbacks in gsasl and gss without success...
What can I do to find out more troubleshooting information? I've read
most of what I've found in the web but I'm still lost [3]. I apologize
in advance if I'm not reaching the right mailing list.
Thanks!
-- Andres
[1]
BTW, I've found that the gsasl_nonce test needs too much entryophy so
I had to install rng-tool, so it won't run properly in a VM.
Self test `./simple' finished with 0 errors
PASS: simple
gsasl_nonce
^C
$ cat /proc/sys/kernel/random/entropy_avail
14
[2]
$ gsasl --client-mechanisms
Enter base64 encoded tls-unique channel binding: 123
This client supports the following mechanisms:
ANONYMOUS EXTERNAL LOGIN PLAIN SECURID NTLM DIGEST-MD5 CRAM-MD5 GSSAPI GS2-KRB5
$ gsasl --server-mechanisms
Enter base64 encoded tls-unique channel binding: 123
Enter GSSAPI service name (e.g. "imap"): xmpp
Enter hostname of server: gentoo
This server supports the following mechanisms:
ANONYMOUS EXTERNAL LOGIN PLAIN SECURID DIGEST-MD5 CRAM-MD5
[3]
the output example at the end of the shishi manual walk-through does
not make sense to me, maybe I'm missing something there.
http://www.gnu.org/s/shishi/manual/shishi.html 'we illustrate using
the TGS service as well'
- jabberd2 sasl auth with gsasl, gss and shishi,
Andrés More <=