doubt reg. TLS and GSSAPI

Rahul Amaram rahul at synovel.com
Fri Apr 11 10:36:58 EDT 2008


Hi,

I am trying to use TLS and GSSAPI with pidgin. Here is my set up:

Domain - company.com (so jid would be user1 at company.com, 
user2 at company.com ...)
Server ("Connect Server") - jabber.example.com
Realm - EXAMPLE.COM

I do not have any DNS SRV records set up but I have a properly 
configured kerberos and TLS jabber server.

Now here are my doubts:

1. Does pidgin check the certificate against the domain name 
(company.com) or the server name (jabber.example.com)? It currently 
seems to be verifying against the domain name. Is this expected behaviour?

2. When pidgin tries to fetch a ticket for the jabber service, which of 
the below is used as the servername for building the principal 
xmpp/servername at EXAMPLE.COM?
     - Domain company.com
     - Server jabber.example.com
     - Name got by resolving domain company.com and doing a reverse 
look-up on the IP (Pidgin seems to be doing this currently)
     - Name got by resolving server jabber.example.com and doing a 
reverse look-up on the IP (Shouldn't this be the expected behaviour?)


3. Is it necessary that the domain company.com be resolvable if I am 
filling the "Connect Server" field? If so, for what?


Looking forward to an early response.


Thanks and Regards,
Rahul.



More information about the Support mailing list