#930 SASL GSSAPI doc

Reporter Matthieu
Owner Nobody
Stars ★ (1)  
  • Status-New
  • Type-Enhancement
  • Priority-Medium
  1. Matthieu on

    What steps will reproduce the problem? 1. read the doc https://prosody.im/doc/cyrus_sasl What is the expected output? What do you see instead? A bit more doc What version of the product are you using? On what operating system? 0.9.12 on Ubuntu 16.04 Please provide any additional information below. When using the GSSAPI authentication method: * on the Kerberos KDC server, create a principal "xmpp/host_fqdn@EXAMPLE.COM" (host_fqdn must be the reverse DNS of your XMPP server, not its virtualhost name) * create a keytab with "xmpp/host_fqdn@EXAMPLE.COM" in, say, /etc/prosody/im.example.com.keytab that is readable only by prosody * in /etc/prosody/prosody.cfg.lua : set cyrus_service_realm to im.example.com and cyrus_server_fqdn to host_fqdn (the reverse DNS of your XMPP server) * in /etc/sasl/prosody.conf or /etc/sasl2/prosody.conf (more exactly, /etc/sasl/$cyrus_service_name.conf), put: pwcheck_method: saslauthd mech_list: GSSAPI keytab: /etc/prosody/im.example.com.keytab * its location does not seem to depend on the distribution (even in Ubuntu, for example, Prosody searches for both /etc/sasl/prosody.conf and /etc/sasl2/prosody.conf).

New comment