Opened 9 years ago

Closed 8 years ago

#12631 closed defect

GSSAPI Authentication fails when using Heimdal

Reported by: bill3i Owned by: deryni
Milestone: Component: XMPP
Version: 2.7.3 Keywords: GSSAPI Heimdal


Our jabber server using GSSAPI authentication. I am able to successfully connect to the server when using MIT's kerberos support, but I get a failure when using Heimdal kerberos. This has been tested with Pidgin 2.6.6 and 2.7.3. The OS is ubuntu lucid. The versions of GSSAPI are the stock lucid packages. Here is a snipet from the debug log. (The complete log is attached.)

(10:24:31) sasl: Mechs found: GSSAPI

(10:24:31) jabber: Sending (ssl) (whm@…/): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='GSSAPI '>password removed</auth>

(10:24:31) jabber: Recv (ssl)(208): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">YGkGCSqGSIb3EgECAgIAb1owWKADAg EFoQMCAQ+iTDBKoAMCARKiQwRBFoM750mKQI9XZHzVJKflPkUklanaAqd3jpeL0rPwwsAjDhsM5BMc3UujYCpddK1SF/CKClPxFnKBN78+22AzgnU=</ch allenge>

(10:24:31) jabber: Sending (ssl) (whm@…/): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

(10:24:31) jabber: Recv (ssl)(108): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">BQQF/wAMAAAAAAAAJL6uvwEBAACvvy e1HK960p0e0r8=</challenge>

(10:24:31) sasl: GSSAPI Error: A token was invalid (unknown mech-code 0 for mech unknown)

(10:24:31) jabber: Error is -1 : SASL(-1): generic failure: GSSAPI Error: A token was invalid (unknown mech-code 0 fo r mech unknown)

(10:24:31) connection: Connection error on 0x9346250 (reason: 3 description: SASL error: SASL(-1): generic failure: GS SAPI Error: A token was invalid (unknown mech-code 0 for mech unknown))

(10:24:31) account: Disconnecting account whm@…/ (0x8cbc300)

(10:24:31) connection: Disconnecting connection 0x9346250

(10:24:31) jabber: Sending (ssl) (whm@…/): </stream:stream>

(10:24:31) connection: Destroying connection 0x9346250

Attachments (1)

debug1.log (31.8 KB) - added by bill3i 9 years ago.
debug log

Download all attachments as: .zip

Change History (4)

Changed 9 years ago by bill3i

debug log

comment:1 Changed 9 years ago by QuLogic

  • Component changed from libpurple to XMPP
  • Owner set to deryni

comment:2 Changed 8 years ago by darkrain42

  • Status changed from new to pending

Apologies for the long delay here. GSSAPI support is provided to libpurple by Cyrus SASL. In this case, all we actually do is feed Cyrus the data received from the server (and the error you're seeing there is returned by Cyrus).

I'm (unfortunately) not sure there is any benefit we'll be able to add to this, particularly because I personally have no experience with Kerberos-via-GSSAPI.

comment:3 Changed 8 years ago by trac-robot

  • Status changed from pending to closed

This ticket was closed automatically by the system. It was previously set to a Pending status and hasn't been updated within 14 days.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!