[Bug 14928] RFE: support for logging in with GSSAPI/Kerberos

Thu Mar 1 16:20:30 CET 2012

https://bugs.freedesktop.org/show_bug.cgi?id=14928

--- Comment #13 from Simon McVittie <simon.mcvittie at collabora.co.uk> 2012-03-01 07:20:30 PST ---
Returning to this a year later:

telepathy-gabble now supports offloading SASL to an external process (a Handler
for SASLAuthentication channels). An Empathy component which uses gnome-keyring
and/or an interactive prompt is more or less the reference implementation (I
believe it's called empathy-auth internally). There's also one in Maemo/MeeGo
Harmattan on the N9, and I believe there's another in Telepathy-KDE.

The purpose of offloading these things into an external UI is that that UI can
prompt the user for passwords, tokens or whatever else they're expected to
provide; if Kerberos/GSSAPI authentication is non-interactive, you could try it
first without showing any UI, though.

Gabble is now almost entirely SASL-mechanism-agnostic: it just proxies the list
of available SASL mechanisms, and the SASL handshake for the chosen mechanism,
onto D-Bus. The exceptions are when you do simple password authentication,
either by providing a password before you connect or using the
X-TELEPATHY-PASSWORD pseudo-mechanism (designed to make implementation of
trivial clients easier); in either of those cases, Gabble still does the SASL
handshake internally, using one of its supported mechanisms (which I believe
are still limited to PLAIN or DIGEST-MD5).

So, if your XMPP server exposes Kerberos or GSSAPI as an ordinary SASL
mechanism, I believe it should now be possible to implement Kerberos or GSSAPI
in the SASLAuthentication Handler (password-prompting UI), without changes to
Gabble. I'd suggest modifying the SASLAuthentication Handler in Empathy as a
good starting point.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
You are the assignee for the bug.