[Adium-devl] server Kerberos principal names
Ken Raeburn
raeburn at raeburn.org
Thu Jan 10 22:12:08 UTC 2008
On Jan 10, 2008, at 14:32, Peter Saint-Andre wrote:
> Ken Raeburn wrote:
>> At first glance, I'm not sure how much it helps, though. I've got
>> to go back and re-read Nico's docs....
I found the piece I was missing. It should do the trick, yeah.
(Though it'd be nicer if SASL supported domain-based names and Jabber
just used that, instead of making it specific to Kerberos, but,
whatever.)
> However, the problem is large deployments with multiple connection
> managers. You're assigned to a particular connection manager by a
> load balancer. So you don't know if you'll end up with a physical
> connection (TCP socket) at us3.cm.xmpp.example.com or
> eu7.xmpp.example.com or whatever, and you need to know that
> specific hostname in order to get the right service principal name
> etc.
There are some possible arguments for using the JID domain instead of
the hostname, but like you say, this isn't the place to hash them
out. And if the current XMPP specs say you use the name of the host
you connect to, whether configured by the user or looked up via SRV
RR, then that's what it says, and then I can tell which cases Adium
(or libpurple) is getting right and which it isn't, and fix the
latter.... Thanks.
Ken
More information about the devel
mailing list