doubt reg. TLS and GSSAPI

Rahul Amaram rahul at
Fri Apr 11 10:36:58 EDT 2008


I am trying to use TLS and GSSAPI with pidgin. Here is my set up:

Domain - (so jid would be user1 at, 
user2 at ...)
Server ("Connect Server") -

I do not have any DNS SRV records set up but I have a properly 
configured kerberos and TLS jabber server.

Now here are my doubts:

1. Does pidgin check the certificate against the domain name 
( or the server name ( It currently 
seems to be verifying against the domain name. Is this expected behaviour?

2. When pidgin tries to fetch a ticket for the jabber service, which of 
the below is used as the servername for building the principal 
xmpp/servername at EXAMPLE.COM?
     - Domain
     - Server
     - Name got by resolving domain and doing a reverse 
look-up on the IP (Pidgin seems to be doing this currently)
     - Name got by resolving server and doing a 
reverse look-up on the IP (Shouldn't this be the expected behaviour?)

3. Is it necessary that the domain be resolvable if I am 
filling the "Connect Server" field? If so, for what?

Looking forward to an early response.

Thanks and Regards,

More information about the Support mailing list