On Sat, 2012-06-16 at 23:45 +0200, Natxo Asenjo wrote: > hi, > > After some initial troubles (thanks rcrit on irc) I got this to work > nicely. I have used the openfire > http://www.igniterealtime.org/projects/openfire/index.jsp xmpp/jabber > server. > > Instructions here: > > http://test.asenjo.nl/index.php/Openfire_ipa
Nice writeup Natxo, I am curious about the SSO setup. Why did you need to restrict the keytab to des3 ? Using the default settings (that include AES keys would be normally better). If it is due to restrictions in the java security library, you should be able to download a library with full support for AES from Oracle (they have a separate build due to some export control stuff that is available for download). I am also curious about the need to set isInitiator to false. Service keys in IPA can be used to init security contexts, what kind of failure did you see setting it to true ? The 'isInitiator=false' may be necessary in AD where servicePrincipals and userPrincipals are considered distinct entities and AD forbids servicePrincipals to perform AS Requests, but this is not limited in IPA, by default you should be able to initiate just fine. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
