Pidgin XMPP and Kerberos

clockwork at sigsys.org clockwork at sigsys.org
Thu Feb 21 22:34:22 EST 2008


I'll look into using SRV records tomorrow as well to see if that resolves
the issue.

On 2/21/08, Etan Reisner <deryni at pidgin.im> wrote:
>
> On Thu, Feb 21, 2008 at 05:55:23PM -0500, clockwork at sigsys.org wrote:
> > Cant say what the expected behavior is regarding the user ID's, but that
> > isnt the problem I'm running into. :-)
> >
> > The trick is AFAIK there is no such thing as a generic ticket in
> kerberos
> > the tickets are always tied to hosts (ie I dont think you can have
> ticket
> > for xmpp/foo.com). So IMHO the connect server should override the Domain
> in
> > this respect.
>
>
> The this is the domain portion of the JID is a host, and is what pidgin
> uses to look up what ip/machine to connect to by default.
>
> If, for whatever reason, that domain name does *not* resolve (via DNS) to
> the correct host then DNS SRV records should be set up for pidgin to use
> to resolve the correct host.
>
> If the domain is not the correct host *and* DNS SRV records are not
> available for the domain then pidgin allows you to manually specify a
> connect server to override the DNS lookup on domain.
>
> I am still not at all capable of really asserting what the 'correct'
> behaviour here is with respect to the connect server/DNS resolution, but I
> *think* using the given domain is in fact correct and that the recently
> created XEP-0233 is designed to answer exactly this situation.
>
> I will attempt to bring this up in one of the XMPP chat rooms when I am
> next able to spend some time discussing it with the people who might know
> better.
>
>
>     -Etan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/pipermail/support/attachments/20080221/ee52a1e1/attachment.html>


More information about the Support mailing list