Pidgin XMPP and Kerberos

Etan Reisner deryni at pidgin.im
Fri Feb 22 23:38:54 EST 2008


On Thu, Feb 21, 2008 at 10:41:03PM -0500, Etan Reisner wrote:
> On Thu, Feb 21, 2008 at 10:34:22PM -0500, clockwork at sigsys.org wrote:
> > I'll look into using SRV records tomorrow as well to see if that resolves
> > the issue.
>
> In this case I don't believe SRV records are going to make any difference,
> as pidgin seems to use the domain as the host name in the Kerberos ticket
> request. And SRV records only come into play with a bare domain and not
> the full host domain.
>
> But feel free to try it and see.
>
>     -Etan

So it would seem I was wrong on this, with proper SRV records setup pidgin
should in fact use the SRV resolved FQDN in the sasl communication which
should allow for a proper Kerberos ticket request.

There was a bunch of discussion in #pidgin today about how this is alls
upposed to work (prompted by my discussion with some XMPP people about how
it should all work) and pidgin may be getting code added to better handle
this, so as to allow domains specified in the connect server to be used
for the sasl negotiation.

    -Etan




More information about the Support mailing list