doubt reg. TLS and GSSAPI
rahul at synovel.com
Fri Apr 11 10:36:58 EDT 2008
I am trying to use TLS and GSSAPI with Pidgin. Here is my setup:
Domain - company.com (so jid would be user1 at company.com,
user2 at company.com ...)
Server ("Connect Server") - jabber.example.com
Realm - EXAMPLE.COM
I do not have any DNS SRV records set up, but I have a properly
configured Kerberos and TLS Jabber server.
Now here are my doubts:
1. Does Pidgin check the certificate against the domain name
(company.com) or the server name (jabber.example.com)? It currently
seems to be verifying against the domain name. Is this expected behaviour?
2. When Pidgin tries to fetch a ticket for the jabber service, which of
the below is used as the servername for building the principal
xmpp/servername at EXAMPLE.COM?
- Domain company.com
- Server jabber.example.com
- Name got by resolving domain company.com and doing a reverse
look-up on the IP (Pidgin seems to be doing this currently)
- Name got by resolving server jabber.example.com and doing a
reverse look-up on the IP (Shouldn't this be the expected behaviour?)
3. Is it necessary that the domain company.com be resolvable if I am
filling the "Connect Server" field? If so, for what?
Looking forward to an early response.
Thanks and Regards,