Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-1747

Spark appears to fall back to a non-sasl when authenticating

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.8.0
    • Fix Version/s: 2.8.0
    • Component/s: AD, GSSAPI, SASL, Smack
    • Labels:
      None
    • Environment:
      Microsoft Active Directory
      Openfire 4.1
      Spark (smack4)
      sasl types offered by server PLAIN and GSSAPI.

      Description

      Spark appears to fallback to jabber:IQ:auth when GSSAPI is offered by the server, but can't be used. GSSAPI/SSO usually can not be used when the Kerberos server is unavailable or the client can not get a ticket ( ie client off the internal network). This is a problem because non-sasl authentication methods have been removed from openfire core starting in 4.1, and appears to have been removed from new version of smack.

      In openfire if sasl.mechs is set to PLAIN,GSSAPI
      In Spark, when SSO is selected, spark will authentication and use GSSAPI.
      When SSO is not use, or can not be used because the Kerberos server is not available; the user should be able to disable SSO from spark, and authenticate using PLAIN. However when trying to do so authentication fails.

      In Openfire, if sasl-mech is set to only PLAIN, than Spark with authenticate with only username and password as expected.

      When using spark with smack3, and OF 4.02 sasl.mech set to PLAIN, GSSAPI; if SSO fails, a user can still authenticate after disabling SSO within Spark, and use their username and password (although using jabber:IQ:auth)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              guus Guus der Kinderen
              Reporter:
              speedy speedy
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: