Hello,
Debian Wheezy Openfire 3.10.0
our openfire installation can no longer authenticate clients with gssapi. We enabled debugging, but server side debug logs contain nothing even mentioning gssapi / kerberos / sasl authentication.
using wireshark we were able to get some information:
<stream:stream to='XXXX' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'><?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="XXXX" id="a7be6887" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanis m>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='GSSAPI' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>YoAMCARCiRgREz2rSxqA3Q5dD2ZbM73/xMnbjU72 UwqJjej5KQ/iAMvl4jxB3qHrxGCOwO9ZmALIRBc2HuaXjS3BwqP3c1AbMu8AqJBk=</challenge><re sponse xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/><failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><incorrect-encoding/></failure></strea m:stream>
all clients can login using their password. We did not change any configuration files for the upgrade and used the normal debian wheezy package.
Thanks.