[Freeipa-users] Jabber services for IPA

Erinn Looney-Triggs erinn.looneytriggs at gmail.com
Thu Feb 9 16:50:59 UTC 2012


On 02/09/2012 07:24 AM, Dale Macartney wrote:
> 
> Hey Erin
> 
> that would be fantastic, thanks very much.
> 
> I have to admit, I had a bit of a chuckle re: your comment of Kerberos
> acting in the event of no password. I would have *never* thought of that
> haha.
> 
> Dale
> 
> 
> 
> On 02/09/2012 04:01 PM, Erinn Looney-Triggs wrote:
>> On 02/09/2012 06:48 AM, Dale Macartney wrote:
>>>
>>> Morning all
>>>
>>> I have a working setup of ejabberd authenticated to PAM on an IPA client
>>> which works great. However, unlike my other projects to provide
>>> details of integration with IPA, I am struggling with the SSO aspect of
>>> it, simply because of a lack of knowledge of Jabber packages. (Currently
>>> I have used ejabberd and Pidgin for testing, and from an end user view
>>> point, there doesn't appear to be an option to select Kerberos to
>>> authenticate with).
>>>
>>> My goal, like other services is to tap *a* jabber service (can be
>>> anything) into ipa for single sign on.
>>>
>>> What is the general feeling in the community around jabber in the
>>> enterprise? (Useful or not? Best practices?)
>>> What is your preferred jabber software (server and client would be handy
>>> to know for testing) and why?
>>> Does it support GSSAPI?
>>>
>>> Many thanks
>>>
>>> Dale
>>>
> 
>> Dale,
>> I built a setup using openfire (the IM server) that utilized Kerberos.
>> It is slightly tricky, unfortunately; Kerberos has been the realm of
>> universities and big business for a long time, so a lot of things are not
>> straightforward.
> 
>> Pidgin does natively support Kerberos, so you can use that easily; the
>> way to use Kerberos in Pidgin is simply not to provide it with any
>> password info, and it will try Kerberos in the process. This works both on
>> Windows (using kfw) and Linux systems, probably Macs too, but I have
>> never tested it on Macs.
> 
>> I will see if I can dig up some notes from configuring openfire.
> 
>> -Erinn
> 
> 

Basically the best notes that I have come from here:
http://itlab.stanford.edu/blog/archives/2009/test-services/openfire-and-kerberos-implementation-notes

The instructions are terse and it is a bit of a slog.

Pay particular attention to the custom jar file that comes from MIT; you
need to edit this to set your realm in there.

-Erinn
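
On the question raised in the thread of whether a server supports GSSAPI: a client can only attempt Kerberos when the server lists GSSAPI among the SASL mechanisms in its `<stream:features/>` element (RFC 6120). The check below is an added example, not part of the original messages or of openfire or ejabberd; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SASL = "{urn:ietf:params:xml:ns:xmpp-sasl}"
TLS = "{urn:ietf:params:xml:ns:xmpp-tls}"
PASSWORD_MECHS = {"PLAIN", "LOGIN", "DIGEST-MD5", "CRAM-MD5", "SCRAM-SHA-1"}

# Constructed samples of the <stream:features/> element an XMPP server sends;
# neither was captured from a real openfire or ejabberd host.
PRE_TLS = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""

POST_TLS = """<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>GSSAPI</mechanism>
    <mechanism>PLAIN</mechanism>
  </mechanisms>
</stream:features>"""


def sasl_report(features_xml):
    """Summarise the SASL mechanisms and TLS state in one features element."""
    root = ET.fromstring(features_xml)
    mechs = [m.text.strip().upper() for m in root.iter(SASL + "mechanism") if m.text]
    starttls = root.find(TLS + "starttls")
    return {
        "mechanisms": mechs,
        "gssapi": "GSSAPI" in mechs,
        "password_mechs": sorted(PASSWORD_MECHS.intersection(mechs)),
        # A <starttls/> offer means TLS has not been negotiated on this stream yet.
        "starttls_offered": starttls is not None,
        "tls_required": starttls is not None and starttls.find(TLS + "required") is not None,
    }


def sso_findings(report):
    """Turn a report into the findings an administrator would act on."""
    findings = []
    if not report["gssapi"]:
        findings.append("GSSAPI not advertised: Kerberos SSO cannot be negotiated here")
    if report["password_mechs"] and report["starttls_offered"]:
        findings.append("password mechanisms offered while STARTTLS is still pending: " + ", ".join(report["password_mechs"]))
    if report["gssapi"] and report["password_mechs"]:
        findings.append("password fallback still enabled: " + ", ".join(report["password_mechs"]))
    return findings
```

Feed it the features element your own server returns before and after STARTTLS; a server that never lists GSSAPI will make a Kerberos-capable client fall back to asking for a password.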

