XMPP Kerberos support broke between 1.4b6 and 1.4b7

[testman57]

I used to connect to my company xmpp server through kerberos authentication. It worked fine (except the auto connect not working, possibly due to no password being entered in the account information) until I updated to 1.4b7 today, where it is now asking for a password while I have a correct ticket. It even seems to get the ticket for the service, yet it asks again for the password. Server side is Openfire.

[gettes]

I am having the very same problem. I have gone back and forth from performing kerberos authN and not. With Kerberos authN I get the following in my log.

20:32:02: -[AIAccount(Abstract) retrievePasswordThenConnect]: Retrieving <ESPurpleJabberAccount:18728810 20>:gettes@…'s password (promptOption 1) 20:32:02: <ESPurpleJabberAccount:18728810 20>:gettes@…: Updating status for key: Online 20:32:02: <ESPurpleJabberAccount:18728810 20>:gettes@…: Updating status for key: Enabled 20:32:02: <ESPurpleJabberAccount:18728810 20>:gettes@…: Updating status for key: FullNameAttr 20:32:02: handleConnectivityForAccount: <ESPurpleJabberAccount:18728810 20>:gettes@… reachable: 1 20:32:03: Original image of size 171.000000 171.000000 20:32:03: <ESPurpleJabberAccount:18728810 20>:gettes@…: Scaled image to size {96, 96} 20:32:03: -[CBPurpleAccount setAccountUserImage:withData:]: <ESPurpleJabberAccount:18728810 20>:gettes@… setting icon data of length 16750 20:32:03: -[AIWebKitMessageViewController listObjectAttributesChanged:]: <ESPurpleJabberAccount:18728810 20>:gettes@…'s icon changed 20:32:03: -[AIWebKitMessageViewController updateUserIconForObject:]: Updating /Users/gettes/Library/Caches/Adium/Default/TEMP-20108O7.png to /Users/gettes/Library/Caches/Adium/Default/TEMP-2073QUG.png 20:32:03: -[AIWebKitMessageViewController listObjectAttributesChanged:]: <ESPurpleJabberAccount:18728810 20>:gettes@…'s icon changed 20:32:03: -[AIWebKitMessageViewController updateUserIconForObject:]: Updating /Users/gettes/Library/Caches/Adium/Default/TEMP-20108O7.png to /Users/gettes/Library/Caches/Adium/Default/TEMP-2073QUG.png 20:32:03: -[AIWebKitMessageViewController listObjectAttributesChanged:]: <ESPurpleJabberAccount:18728810 20>:gettes@…'s icon changed 20:32:03: -[AIWebKitMessageViewController updateUserIconForObject:]: Updating /Users/gettes/Library/Caches/Adium/Default/TEMP-20108O7.png to /Users/gettes/Library/Caches/Adium/Default/TEMP-2073QUG.png 20:32:03: <ESPurpleJabberAccount:18728810 20>:gettes@…: Updating status for key: User Icon 20:32:03: Adium: Connect: gettes@… initiating connection using status state <AIStatus: 1870b070 [Available]> ((null)). 20:32:03: Setting status on 2084c520 (gettes@…/Adium): ID available, isActive 1, attributes {

buzz = 1; priority = 0;

} 20:32:03: (Libpurple: account) Connecting to account gettes@…/Adium 20:32:03: (Libpurple: connection) Connecting. gc = 0x26d28090 20:32:03: Connecting: gc=0x26d28090 (Connecting) 1 / 5 20:32:03: (Libpurple: dns) DNS query for 'jabber.mit.edu' queued 20:32:03: ************ gettes@… --step-- 1 20:32:03: -[AdiumPurpleDnsRequest startLookup]: Performing DNS resolve: jabber.mit.edu:5223 20:32:03: DNS resolve complete for jabber.mit.edu:5223 20:32:03: (Libpurple: dnsquery) IP resolved for jabber.mit.edu 20:32:03: (Libpurple: proxy) Attempting connection to 18.7.21.91 20:32:03: (Libpurple: proxy) Connecting to jabber.mit.edu:5223 with no proxy 20:32:03: (Libpurple: proxy) Connection in progress 20:32:03: (Libpurple: proxy) Connecting to jabber.mit.edu:5223. 20:32:03: (Libpurple: jabber) Sending: <?xml version='1.0' ?> 20:32:03: Connecting: gc=0x26d28090 (Initializing Stream) 2 / 5 20:32:03: (Libpurple: jabber) Sending: <stream:stream to='mit.edu' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'> 20:32:03: ************ gettes@… --step-- 2 20:32:03: (Libpurple: jabber) Recv (7): 20:32:03: (Libpurple: jabber) XML parser error for JabberStream 0x0: Domain 1, code 4, level 3: Document is empty 20:32:03: (Libpurple: jabber) Recv (480): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="mit.edu" id="a80f4151" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns=" http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns=" http://jabber.org/features/iq-auth"/></stream:features> 20:32:03: (Libpurple: jabber) xmlParseChunk returned fatal 4 20:32:03: Connection Disconnected: gc=26d28090 (XML Parse error) 20:32:03: <ESPurpleJabberAccount:18728810 20>:gettes@… accountConnectionReportDisconnect: XML Parse error 20:32:03: (Libpurple: account) Disconnecting account 0x2084c520 20:32:03: (Libpurple: connection) Disconnecting connection 0x26d28090 20:32:03: (Libpurple: jabber) Sending: </stream:stream> 20:32:03: Disconnected: gc=26d28090 20:32:03: <ESPurpleJabberAccount:18728810 20>:gettes@…: Telling the core we disconnected 20:32:03: <ESPurpleJabberAccount:18728810 20>:gettes@…: Disconnected ("XML Parse error"): Automatically reconnecting in 5.000000 seconds (0 attempts performed) 20:32:03: (Libpurple: connection) Destroying connection 0x26d28090

[raeburn]

I'm seeing similar problems, but my log data is a little different from what gettes reports; I get as far as "step 7" being logged instead of "step 2".

It gets past the step where it failed for him:

20:36:33: ************ raeburn@mit.edu --step-- 2
20:36:33: (Libpurple: jabber) Recv (180): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="mit.edu" id="35bda67b" xml:lang="en" version="1.0">
20:36:33: Connecting: gc=0x1884c8d0 (Authenticating) 3 / 5

but then fails in authenticating:

20:36:33: (Libpurple: sasl) Mechs found: GSSAPI PLAIN 
20:36:33: (Libpurple: jabber) Sending (ssl): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='GSSAPI' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
20:36:33: ************ raeburn@[...elided...] --step-- 7
20:36:33: (Libpurple: jabber) Recv (ssl)(196): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">YGAGCSqGSIb3EgECAgIAb1EwT6ADAgEFoQMCAQ+iQzBBoAMCAQGiOgQ4HU7OQiXSTyiNqVaFdeDzIsKIOFiVxZSUyvX098AnDj4A14ZELq4rbaX9s/6ZdPQLlv8BAs5udNA=</challenge>
20:36:33: (Libpurple: jabber) Sending (ssl): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>
20:36:33: (Libpurple: jabber) Recv (ssl)(136): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">YDMGCSqGSIb3EgECAgIBAAD//////FzmATRXhIR2/1jyEoKBnt604BhobU2pAQEAAAQEBAQ=</challenge>
20:36:33: (Libpurple: jabber) Sending (ssl): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>YDMGCSqGSIb3EgECAgIBLGNoYXJzZXQ9dXRmLTgAem1BVFJYaElSMi8xanlFb0tCbnQ2MDRCaG9iVTJwQVFFQUFBUQ==</response>
20:36:33: (Libpurple: jabber) Recv (ssl)(77): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
20:36:33: (Libpurple: sasl) Mechs found: PLAIN 

I've got Kerberos credentials for xmpp/jabber.mit.edu, same as I get with pidgin 2.4.3 on Linux (which successfully authenticates, so (a) it's the right principal, and (b) I am actually authorized to access the account); they've just been acquired, so it must've been by this invocation of adium.

(It might be relevant that I have TLS turned on; I don't know if either gettes or testman57 do.)

[testman57]

Hello, it seems like the problem was solved between beta 7 and beta 8 now... perhaps something in libpurble changed (I am going to check the recent changes there now)

The other problem remains (no automatic login, possibly because of lack of password in the account configuration)

[raeburn]

Yes, I meant to comment -- signing on with Kerberos is working for me too in b8.

[wixardy]

Ticket #12647 has been marked as a duplicate of this ticket.